Eight HTTP/2 Denial of Service (DoS) Vulnerabilities...

Question

Eight HTTP/2 Denial of Service (DoS) Vulnerabilities Disclosed by ResearchersResearchers publicly disclosed eight vulnerabilities in HTTP/2, a major revision of the Web’s protocol on August 13. Netflix published an advisory for their GitHub page about the vulnerabilities, which were discovered by their Engineering Manager, Jonathan Looney, but one of which was discovered by Piotr Sikora, a Senior Software Engineer at Google.The following is the list of CVEs and nicknames given to the vulnerabilities in the advisory.CVE-2019-9511 - “Data Dribble”CVE-2019-9512 - “Ping Flood”CVE-2019-9513 - “Resource Loop”CVE-2019-9514 - “Reset Flood”CVE-2019-9515 - “Settings Flood”CVE-2019-9516 - “0-Length Headers Leak”CVE-2019-9517 - “Internal Data Buffering”CVE-2019-9518 - “Empty Frames Flood”Vulnerability in italics was discovered by Piotr Sikora.For more information about these vulnerabilities, including Tenable product coverage, please visit our blog.

anonymous · Answer

Thanks &nbsp;Satnam Narang&nbsp;(Tenable)

fajah · Answer

Thanks for the update.

Vulnerability Watch

Forum Discussion

Eight HTTP/2 Denial of Service (DoS) Vulnerabilities...

2 Replies

Recent Discussions

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Americas

Europe

Asia / Australia