GHSA-PRJ3-CCX8-P6X4 Netty affected by MadeYouReset HTTP/2 DDoS vulnerability

Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.” MadeYouReset Vulnerability Summary The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to brea...

SUSE CVE-2017-5650

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...

The vulnerability of the Apache Tomcat application server, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the Apache Tomcat application server is related to an uncontrolled consumption of resources. Exploiting this vulnerability allows a malicious actor to cause service failures when the WINDOWUPDATE message is not sent to the connection window thread 0...

PT-2017-16645 · Apache · Apache Tomcat

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.0 through 8.5.12 Apache Tomcat versions 9.0.0.M1 through 9.0.0.M18 Description: The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiti...