1 Vulnerability Overview Recently, The Apache Software Foundation announced the existence of a denial-of-service (DoS) vulnerability in Apache Tomcat HTTP/2. Specifically, the HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permits clients to keep streams open without reading/writing request/response data. Thus, too many connection requests from...
