6 matches found
Broke Window Attack
Varnish Cache, Varnish Enterprise is vulnerable to a Broke Window Attack. The vulnerability is due to exhaustion of credits for an HTTP/2 connection control flow window...
The vulnerability of the Apache Tomcat application server, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the Apache Tomcat application server is related to an uncontrolled consumption of resources. Exploiting this vulnerability allows a malicious actor to cause service failures when the WINDOWUPDATE message is not sent to the connection window thread 0...
EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2019-2094)
According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to...
Improper Locking in Apache Tomcat
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...
CVE-2019-10072
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...
CVE-2019-10072
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...