tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

RLSA-2025:14178 Important: tomcat9 security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

Apache Tomcat: Request header mix-up between HTTP/2 streams

...

Denial Of Service (DoS)

Netty is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of malformed HTTP/2 control frames due to a flaw in enforcing the max concurrent streams limit, leading to resource exhaustion and denial of service...

Security Bulletin: Vulnerabilities in Netty-codec and Netty-handler might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Netty-codec and Netty-handler. Vulnerabilities include an incorrect validation of special crafted packet via SslHandler can lead to a native crash, the SniHandler can allocate up to 16MB of heap for each chann...

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.19 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.19. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 8 : Red Hat Product OCP Tools 4.15 OpenShift Jenkins (RHSA-2025:16462)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16462 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...

RHEL 9 : Red Hat Product OCP Tools 4.18 Openshift Jenkins (RHSA-2025:16455)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16455 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...

[SECURITY] [DSA 6005-1] jetty9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6005-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2025 https://www.debian.org/security/faq -...

Debian dsa-6005 : jetty9 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6005 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6005-1 [email protected] https://www.debian.org/security/...

Debian dsa-6006 : jetty12 - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6006 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6006-1 [email protected] https://www.debian.org/security/ Moritz...

GHSA-393W-9X6H-8GC7 Pingora update for MadeYouReset HTTP/2 vulnerability

Pingora deployments that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, Pingora applications may allocate buffers before the HTTP/2 reset and resulting stream cancellation is processed by the server. Repeated resets can for...

Pingora MadeYouReset HTTP/2 vulnerability

Pingora deployments using versions prior to 0.6.0 that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, Pingora applications may allocate buffers before the HTTP/2 reset and resulting stream cancellation is processed by the...