We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities:
Ping flood: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512 Reset flood: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514 Settings flood: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
A Twisted web server supports HTTP/2 requests if you've installed the http2 optional dependency set.
http2
There are no workarounds.
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
If you have any questions or comments about this advisory:
Impact
Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities:
Ping flood: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
Reset flood: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
Settings flood: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
A Twisted web server supports HTTP/2 requests if you've installed the
http2optional dependency set.Workarounds
There are no workarounds.
References
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
For more information
If you have any questions or comments about this advisory: