Lucene search
PdrygasATLASSIAN:JRASERVER-69100HistoryApr 02, 2019 - 5:50 a.m.
Upgrade Tomcat to 8.5.38 to fix CVE-2019-0199
2019-04-0205:50:03
pdrygas
jira.atlassian.com
27
EPSS
0.727
Percentile
98.1%
h3. Denial of service in Apache TomcatΒ CVE-2019-0199
A vulnerability was found in Apache Tomcat version from 9.0.0.M1 to 9.0.14 inclusive and 8.5.0 to 8.5.37 inclusive. The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet APIβs blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
Workaround
Upgrading to Tomcat 9.0.16 will fix the issue.
h4. Fixed Versions
-
>= 8.5.38
-
>= 9.0.16
Related
nessus
nessus
RHEL 8 : 10.6_pki-servlet-container (Unpatched Vulnerability)
2024-06-03 00:00:00
Photon OS 3.0: Apache PHSA-2019-3.0-0011
2024-07-22 00:00:00
Apache Tomcat 8.5.0 < 8.5.41 Denial of Service
2019-07-10 00:00:00
github
github
Apache Tomcat Denial of Service vulnerability
2020-06-15 18:51:09
Improper Locking in Apache Tomcat
2019-06-26 01:09:40
tomcat
tomcat
Fixed in Apache Tomcat 9.0.16
2019-02-08 00:00:00
Fixed in Apache Tomcat 8.5.38
2019-02-08 00:00:00
Fixed in Apache Tomcat 8.5.41
2019-05-13 00:00:00
cvelist
cvelist
CVE-2019-0199
2019-04-10 14:21:50
CVE-2019-10072
2019-06-21 17:56:42
kaspersky
kaspersky
KLA11495 DOS vulnerability in Apache Tomcat
2019-02-08 00:00:00
KLA11494 DOS vulnerability in Apache Tomcat
2019-02-08 00:00:00
suse
suse
Security update for tomcat (moderate)
2019-07-19 00:00:00
Security update for tomcat (moderate)
2019-06-30 00:00:00
Security update for tomcat (moderate)
2019-07-25 00:00:00
openvas
openvas
openSUSE: Security Advisory for tomcat (openSUSE-SU-2019:1723-1)
2019-07-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1825-1)
2021-06-09 00:00:00
Apache Tomcat DoS Vulnerability (Mar 2019) - Windows
2019-04-16 00:00:00
redhatcve
redhatcve
CVE-2019-0199
2019-03-27 14:58:56
CVE-2019-10072
2019-06-25 08:51:26
ibm
ibm
f5
f5
K93000310 : Apache Tomcat vulnerability CVE-2019-0199
2019-04-09 00:00:00
K17321505 : Apache Tomcat vulnerability CVE-2019-10072
2019-06-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-03-26 02:56:18
Denial Of Service (DoS)
2019-06-21 05:42:50
nvd
nvd
CVE-2019-0199
2019-04-10 15:29:00
CVE-2019-10072
2019-06-21 18:15:09
ubuntucve
ubuntucve
CVE-2019-0199
2019-04-10 00:00:00
CVE-2019-10072
2019-06-21 00:00:00
osv
osv
Apache Tomcat Denial of Service vulnerability
2020-06-15 18:51:09
CVE-2019-0199
2019-04-10 15:29:00
Improper Locking in Apache Tomcat
2019-06-26 01:09:40
debiancve
debiancve
CVE-2019-0199
2019-04-10 15:29:00
CVE-2019-10072
2019-06-21 18:15:09
prion
prion
Open redirect
2019-04-10 15:29:00
Code injection
2019-06-21 18:15:00
cve
cve
CVE-2019-0199
2019-04-10 15:29:00
CVE-2019-10072
2019-06-21 18:15:09
atlassian
atlassian
Upgrade Tomcat to 8.5.38 to fix CVE-2019-0199
2019-04-02 05:50:03
fedora
fedora
[SECURITY] Fedora 30 Update: tomcat-9.0.21-1.fc30
2019-06-25 01:27:24
[SECURITY] Fedora 29 Update: tomcat-9.0.21-1.fc29
2019-07-04 02:51:06
amazon
amazon
Important: tomcat8
2019-07-17 23:21:00
Important: tomcat8
2019-05-16 23:11:00
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2019-09-08 17:09:05
ubuntu
ubuntu
Tomcat vulnerabilities
2019-09-10 00:00:00
Tomcat vulnerabilities
2019-09-18 00:00:00
photon
photon
redhat
redhat
debian
debian
[SECURITY] [DSA 4596-1] tomcat8 security update
2019-12-27 22:15:49
symantec
symantec
Apache Tomcat Vulnerabilities Oct 2018 β Feb 2020
2020-05-12 19:02:01
hackerone
hackerone
oracle
oracle
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00