Lucene search

25 matches found

Circl
added 2024/01/15 8:41 a.m. | 1 view

CVE-2019-10072

| creationtimestamp | type | source |
|---|---|---|
| 2024-01-15 08:41:07+00:00 | seen | https://t.me/ctinow/168208... |

CVSS 7.5 | AI score 6.5 | EPSS 0.713
Exploits: 0 | References: 1
F5 Networks
added 2023/02/21 7:57 p.m. | 73 views

K17321505: Apache Tomcat vulnerability CVE-2019-10072

Security Advisory Description: The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to...

CVSS 7.5 | AI score 6.6 | EPSS 0.713
Exploits: 0
Tenable Nessus
added 2022/09/01 12:00 a.m. | 50 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.3)

The version of AOS installed on the remote host is prior to 5.16.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.3 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat...

CVSS 9.8 | AI score 8.4 | EPSS 0.94469
Exploits: 63 | References: 21
OpenVAS
added 2022/01/28 12:00 a.m. | 34 views

Mageia: Security Advisory (MGASA-2019-0260)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.3 | EPSS 0.713
Exploits: 3 | References: 7
IBM Security Bulletins
added 2021/07/02 9:53 a.m. | 46 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony

Summary This interim fix provides instructions on upgrading Apache Tomcat from v6.0.43 to v8.5.41 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2019-0199 and CVE-2019-10072 in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2019-0199 DESCRIPTION: Apache...

CVSS 7.5 | AI score 0.1 | EPSS 0.713
Exploits: 0 | Affected Software: 1
NCSC
added 2020/10/21 12:00 a.m. | 3 views

Vulnerabilities fixed in Oracle Siebel CRM

Oracle has fixed vulnerabilities in the following Oracle Siebel CRM products: Siebel Apps - Marketing; Siebel UI Framework. The vulnerabilities may allow an unauthenticated malicious person with network access to the vulnerable application to execute attacks that result in the following...

CVSS 9.8 | AI score 7.5 | EPSS 0.713
Exploits: 7
IBM Security Bulletins
added 2020/07/24 9:16 p.m. | 29 views

Security Bulletin: CVE-2019-10072

Summary: The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threa...

CVSS 7.5 | AI score 1 | EPSS 0.713
Exploits: 0 | Affected Software: 1
Debian
added 2020/05/06 8:58 p.m. | 107 views

[SECURITY] [DSA 4680-1] tomcat9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4680-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 8.4 | EPSS 0.94469
Exploits: 44
OpenVAS
added 2020/01/23 12:00 a.m. | 32 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-2094)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.4 | EPSS 0.713
Exploits: 0 | References: 2
Tenable Nessus
added 2019/11/22 12:00 a.m. | 80 views

RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.2 security (Important) (RHSA-2019:3929)

The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3929 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

CVSS 9.3 | AI score 7.1 | EPSS 0.94221
Exploits: 15 | References: 14
RedHat Linux
added 2019/11/20 4:08 p.m. | 140 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release

Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

CVSS 9.3 | AI score 7 | EPSS 0.94221
Exploits: 15 | References: 7
RedHat Linux
added 2019/11/20 4:04 p.m. | 103 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release

Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 6.9 | EPSS 0.713
Exploits: 7 | References: 6
Tenable Nessus
added 2019/09/30 12:00 a.m. | 38 views

EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2019-2094)

According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to...

CVSS 7.5 | AI score 6.7 | EPSS 0.713
Exploits: 0 | References: 2
OpenVAS
added 2019/09/19 12:00 a.m. | 43 views

Ubuntu: Security Advisory (USN-4128-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.5 | EPSS 0.713
Exploits: 3 | References: 2
Tenable Nessus
added 2019/09/19 12:00 a.m. | 47 views

Ubuntu 18.04 LTS : Tomcat vulnerabilities (USN-4128-2)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4128-2 advisory. It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to...

CVSS 7.5 | AI score 6.8 | EPSS 0.713
Exploits: 3 | References: 3
OSV
added 2019/09/18 2:08 p.m. | 1 view

USN-4128-2 tomcat9 vulnerabilities

It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. CVE-2019-0221 It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing...

CVSS 7.5 | AI score 6.8 | EPSS 0.713
Exploits: 3 | References: 3
OpenVAS
added 2019/09/11 12:00 a.m. | 40 views

Ubuntu: Security Advisory (USN-4128-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.5 | EPSS 0.713
Exploits: 3 | References: 2
OpenVAS
added 2019/08/28 12:00 a.m. | 54 views

Apache Tomcat DoS Vulnerability (Jun 2019) - Linux

Apache Tomcat is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if...

CVSS 7.5 | AI score 7.7 | EPSS 0.713
Exploits: 0 | References: 2
IBM Security Bulletins
added 2019/07/17 9:50 a.m. | 33 views

Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities CVE-2019-10072

Summary IBM WebSphere Cast Iron Solution has addressed the following vulnerabilities reported in Apache Tomcat v8 Vulnerability Details CVEID: CVE-2019-10072 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by HTTP/2 connection window exhaustion on write. By failing to send...

CVSS 7.5 | AI score 0.6 | EPSS 0.713
Exploits: 0 | Affected Software: 1
CVE
added 2019/06/21 5:56 p.m. | 825 views

CVE-2019-10072

CVE-2019-10072 affects Apache Tomcat in the HTTP/2 handling. The documented issue states that the fix for CVE-2019-0199 was incomplete, allowing HTTP/2 connection window exhaustion on write (stream 0). Affected versions: Tomcat 9.0.0.M1–9.0.19 and 8.5.0–8.5.40. Consequence: server-side threads ca...

CVSS 7.5 | AI score 7.7 | EPSS 0.713
Exploits: 0 | References: 20 | Affected Software: 1