tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. A race condition during connection closure could trigger a JVM crash when using the APR/Native connector, leading to a denial of service. This issue was particularly noticeable with client-initiated closures of HTTP/2 connections...

tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...

tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

Eclipse Jetty 安全漏洞

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions 9.4.57 and earlier, 10.0.25 and earlier, 11.0.25 and earlier, 12.0.21 and earlier, and 12.1.0.alpha2 and earlier, which originat...

RHEL 8 : tomcat (RHSA-2025:14177)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14177 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

SUSE CVE-2025-55163

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2850 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.3.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2025-55163 Source advisory: SNYK:JAVA-IONETTY-11799531...

Improper Resource Shutdown or Release

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the HTTP/2 Handler. An attacker can cause a denial of service by sending specially crafted requests that exploit improp...

tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...

DEBIAN-CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service DoS. By opening streams and then rapidly triggering the serv...

UBUNTU-CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service DoS. By opening streams and then rapidly triggering the serv...

PT-2025-34542 · Swifturl · Github.Com/Apple/Swift-Nio-Http2

The HTTP/2 MadeYouReset vulnerability has a mild effect on swift-nio-http2. swift-nio-http2 mostly protects against MadeYouReset by using a number of existing denial-of-service prevention patterns that we added in response to the RapidReset vulnerabilities. The result is that servers are not...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2025:02745-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02745-1 advisory. - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 - CVE-2025-53506: Fix...

Jetty 10.0.6 HTTP/2 Stream Exhaustion Denial of Service

Jetty version 10.0.6 is vulnerable to a denial of service condition via HTTP/2 stream exhaustion. By opening and maintaining a large number of idle HTTP/2 streams, an attacker can exhaust server resources and cause the service to become unresponsive. This archive includes a Ruby Metasploit...

Important: tomcat9

Issue Overview: Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from...

Linux Distros Unpatched Vulnerability : CVE-2025-53538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions 7.0.10 and belo...