Apache Tomcat DoS Vulnerability (CVE-2019-0199) Threat Alert

March 28, 2019

1 Vulnerability Overview

Recently, the Apache Software Foundation announced a denial-of-service (DoS) vulnerability in the HTTP/2 implementation of Apache Tomcat. Specifically, the HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permits clients to keep streams open without reading/writing request/response data. Thus, too many connection requests from clients can cause server-side thread exhaustion. Successful exploitation of this vulnerability would result in a denial of service on the target.
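The following is an added example, not part of the original alert and not Tomcat code: a defender-side audit of one captured client-to-server HTTP/2 byte stream that counts SETTINGS frames and streams the client opened but never ended, the two behaviours described above. The `MAX_SETTINGS` threshold, the helper names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# HTTP/2 constants from RFC 7540; MAX_SETTINGS is an assumed budget, not a Tomcat value.
DATA, HEADERS, RST_STREAM, SETTINGS = 0x0, 0x1, 0x3, 0x4
FLAG_ACK = FLAG_END_STREAM = 0x1
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
MAX_SETTINGS = 10


def frame(ftype, flags, stream_id, payload=b""):
    """Build one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, stream_id) + payload


def iter_frames(data):
    """Yield (type, flags, stream_id, payload) from one client-to-server byte stream."""
    pos = len(PREFACE) if data.startswith(PREFACE) else 0
    while pos + 9 <= len(data):
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", data, pos)
        end = pos + 9 + ((hi << 16) | lo)
        if end > len(data):
            break  # truncated capture: stop instead of misparsing
        yield ftype, flags, sid & 0x7FFFFFFF, data[pos + 9:end]
        pos = end


def audit(data, max_settings=MAX_SETTINGS):
    """Count client SETTINGS frames and streams the client opened but never ended."""
    settings, open_streams = 0, set()
    for ftype, flags, sid, _ in iter_frames(data):
        if ftype == SETTINGS and not flags & FLAG_ACK:
            settings += 1
        elif ftype == HEADERS and not flags & FLAG_END_STREAM:
            open_streams.add(sid)
        elif ftype == RST_STREAM or (ftype in (DATA, HEADERS) and flags & FLAG_END_STREAM):
            open_streams.discard(sid)
    return {"settings": settings, "open_streams": sorted(open_streams),
            "flagged": settings > max_settings}


# Constructed sample input (not a real capture): one ordinary connection, one noisy one.
ONE_SETTING = frame(SETTINGS, 0, 0, struct.pack(">HI", 0x3, 100))
NORMAL = PREFACE + ONE_SETTING + frame(SETTINGS, FLAG_ACK, 0) + frame(HEADERS, 0x5, 1, b"\x82")
NOISY = PREFACE + ONE_SETTING * 50 + frame(HEADERS, 0x4, 1, b"\x82") + frame(HEADERS, 0x4, 3, b"\x82")

if __name__ == "__main__":
    for name, capture in (("normal", NORMAL), ("noisy", NOISY)):
        print(name, audit(capture))
```

A stream listed in `open_streams` is only a heuristic signal: it means the capture ended before the client sent END_STREAM or RST_STREAM for it.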