nessus Tenable 700710.PASL
May 13, 2019 - 12:00 a.m.

Apache Tomcat 9.0.x < 9.0.16 DoS

2019-05-13 00:00:00
Tenable
www.tenable.com
31

The version of Tomcat installed on the remote host is prior to 9.0.16. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.16_security-9 advisory.

  • The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API’s blocking I/O, clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS. (CVE-2019-0199)

Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application’s self-reported version number.
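
The SETTINGS-frame behaviour described in the advisory can also be looked for passively in captured client traffic. The following is an added example, not part of the Tenable plugin or of Tomcat: it parses HTTP/2 frame headers (RFC 7540 layout) from the client side of a cleartext or already-decrypted connection and flags an unusual number of SETTINGS frames. The threshold `MAX_SETTINGS`, the helper names and the sample captures are assumptions made for illustration.

```python
import struct

PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # RFC 7540 client connection preface
SETTINGS, ACK = 0x4, 0x1  # frame type and flag values from RFC 7540
MAX_SETTINGS = 10  # assumed alert threshold, not taken from the advisory


def frames(stream: bytes):
    """Yield (type, flags, stream_id, length) for each complete HTTP/2 frame."""
    pos = len(PREFACE) if stream.startswith(PREFACE) else 0
    while pos + 9 <= len(stream):
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", stream, pos)
        length = (hi << 16) | lo  # 24-bit payload length
        if pos + 9 + length > len(stream):
            break  # truncated capture: stop instead of misparsing
        yield ftype, flags, sid & 0x7FFFFFFF, length  # mask reserved bit
        pos += 9 + length


def count_settings(stream: bytes) -> int:
    """Count SETTINGS frames that are not acknowledgements."""
    return sum(1 for t, f, _, _ in frames(stream) if t == SETTINGS and not f & ACK)


def is_suspicious(stream: bytes, limit: int = MAX_SETTINGS) -> bool:
    return count_settings(stream) > limit


def make_frame(ftype: int, flags: int, sid: int, payload: bytes = b"") -> bytes:
    """Build one frame; used only to construct the sample captures below."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, sid) + payload


# Constructed sample captures (client-to-server bytes), not real traffic.
ONE_SETTING = struct.pack(">HI", 0x3, 100)  # SETTINGS_MAX_CONCURRENT_STREAMS=100
NORMAL = (PREFACE + make_frame(SETTINGS, 0, 0, ONE_SETTING)
          + make_frame(SETTINGS, ACK, 0)
          + make_frame(0x1, 0x5, 1, b"\x82\x86"))  # HEADERS on stream 1
NOISY = PREFACE + make_frame(SETTINGS, 0, 0, ONE_SETTING) * 50

if __name__ == "__main__":
    for name, cap in (("normal", NORMAL), ("noisy", NOISY)):
        print(name, count_settings(cap), is_suspicious(cap))
```

A count above the threshold is only a signal to investigate; the version check the plugin relies on remains the way to decide whether a host runs a release prior to 9.0.16.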

Binary data: 700710.pasl

Vendor  Product  Version
apache  tomcat