Apache Tomcat DoS Vulnerability (CVE-2019-0199) Threat Alert
março 28, 2019
1 Vulnerability Overview
Recently, The Apache Software Foundation announced the existence of a denial-of-service (DoS) vulnerability in Apache Tomcat HTTP/2. Specifically, the HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permits clients to keep streams open without reading/writing request/response data. Thus, too many connection requests from clients can cause server-side thread exhaustion. Successful exploitation of this vulnerability would result in a denial of service on the target. (mais…)