55 matches found
Fixed in Apache Tomcat 10.0.2
Note: The issues below were fixed in Apache Tomcat 10.0.1 but the release vote for the 10.0.1 release candidate did not pass. Therefore, although users must download 10.0.2 to obtain a version that includes a fix for these issues, version 10.0.1 is not included in the list of affected versions...
Fixed in Apache Tomcat 8.5.63
Note: The issues below were fixed in Apache Tomcat 8.5.62 but the release vote for the 8.5.62 release candidate did not pass. Therefore, although users must download 8.5.63 to obtain a version that includes a fix for these issues, version 8.5.62 is not included in the list of affected versions...
H2Csmuggler - HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)
h2cSmuggler smuggles HTTP traffic past insecure edge-server proxypass configurations by establishing HTTP/2 cleartext h2c communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the...
UPDATE: Merlin v0.9.0
Merlin v0.9.0 was released a couple of days ago. This release adds support for HTTP and h2c protocols. As we know, the h2c protocol is the non-TLS version of HTTP/2. This release also adds new "Listeners" menu to create and manage multiple listeners. You can now configure agent/listeners to liste...
Amazon Linux AMI : tomcat8 (ALAS-2020-1409)
The version of tomcat8 installed on the remote host is prior to 8.5.57-1.85. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1409 advisory. The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 t...
Apache Tomcat 9.0.0.M1 < 9.0.37 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.37security-9 advisory. - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to...
CVE-2020-13934
A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability i...
CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...
Design/Logic Flaw
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...
CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...
CVE-2020-13934
CVE-2020-13934 affects multiple Apache Tomcat releases (8.5.1–8.5.56, 9.0.x, 10.0.x up to M6) where an h2c direct connection didn’t release the HTTP/1.1 processor after upgrading to HTTP/2, potentially causing OutOfMemoryError and denial of service. Public advisories across vendors and distributi...
KLA12083 DoS vulnerabilities in Apache Tomcat
DoS vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. DoS vulnerability in h2c direct connection can be exploited to cause denial of service. 2. DoS vulnerability in WebSocket...
CVE-2019-10081
A vulnerability was found in Apache httpd, in modhttp2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash. Mitigation This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including "h2...
H2Buster - A Threaded, Recursive, Web Directory Brute-Force Scanner Over HTTP/2
A threaded, recursive, web directory brute-force scanner over HTTP/2 using hyper, inspired by Gobuster. Features Fast and portable - install hyper and run. Multiconnection scanning. Multithreaded connections. Scalable: scans can be as docile or aggressive as you configure them to be. h2 and h2c...
Apache HTTP Server 'mod_http2' Denial of Service Vulnerability - Linux
Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...