4431 matches found
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...
Code injection
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...
CVE-2017-5650
CVE-2017-5650 affects Apache Tomcat 9.0.0.M1–M18 and 8.5.0–8.5.12. The HTTP/2 GOAWAY handling could fail to close streams waiting for a WINDOW_UPDATE, causing those streams to consume threads and enabling a malicious client to exhaust processing threads (DoS). There is no exploitation status in t...
Apache Tomcat 8.5.x < 8.5.13 / 9.0.0.x < 9.0.0.M19 Multiple Vulnerabilities
Binary data 700057.pasl...
Apache Tomcat 8.5.0 < 8.5.13 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.13. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.13security-8 advisory. - In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors...
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...
Denial Of Service (DoS)
tomcat-coyote is vulnerable to denial of service DoS attacks. A malicious user can send malicious HTTP/2 requests that can consume all available threads...
Wallarm Teams up with NGINX Plus to Provide Advanced Security
Wallarm is excited to be a pioneer security vendor in NGINX Certified Module program and provide trusted and verified security functionality to NGINX Plus customers. “We are pleased to announce that Wallarm is now part of the NGINX Plus Certified Module program with the Wallarm Next Generation WA...
Hardcoded credentials
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an...
CVE-2017-2428
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an...
Fixed in Apache Tomcat 8.5.13
Important: Information Disclosure CVE-2017-5651 The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could resu...
Fixed in Apache Tomcat 9.0.0.M19
Important: Information Disclosure CVE-2017-5651 The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could resu...
Reaching toward universal TLS SNI
The past few years have seen a dramatic increase in client support for TLS SNI a technology standard that makes HTTPS much more scaleable. While early 2014 saw fewer than 85% of HTTPS requests being sent by clients supporting TLS SNI, many Akamai customers today now see client TLS SNI usage...
HTTP/2 Server Push: The What, How and Why
What is HTTP/2 Server Push? How does it work? Why is it valuable? If you are looking for the answers to these questions, you've come to the right place. What it is HTTP/2 h2 Server Push is one of the performance features included in version 2 of the HTTP protocol. It allows the Web server to "pus...
Information Disclosure
tomcat-coyote is vulnerable to information disclosure. The vulnerability is caused due to a regression introduced by a refactoring to widen the use of bytebuffer. Due to the flaw, when running behind a reverse proxy, the information leaks between requests on the same connection. All HTTP connecto...
Apache Tomcat denial of service vulnerability, CVE-2016-6817)
The HTTP/2 header parser entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. This was fixed in revision 1765794. This issue was reported as 60232 on 10 October 2016 and the security implications identified by...