The version of Apache Tomcat installed on the remote host is 9.0.0.M1 to 9.0.19 or 8.5.0 to 8.5.40. It is, therefore, affected by a denial of service vulnerability due to an incomplete fix for CVE-2019-0199 which did not address HTTP/2 connection window exhaustion on write.
Note that the scanner has not attempted to exploit these issues but has instead relied only on the application’s self-reported version number.
No source data