4432 matches found
KLA12087 Multiple vulnerabilities in Apache Tomcat
Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to obtain sensitive information and spoof the user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability can be exploited to obtain sensitive information. ...
PT-2020-15032
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 10.0.0-M1 through 10.0.0-M9 Apache Tomcat versions 9.0.0-M1 through 9.0.39 Apache Tomcat versions 8.5.0 through 8.5.59 Description The issue allows Apache Tomcat to re-use an HTTP request header value from the previous...
HTTP/3: Ready to Land
Hi, my name is Mike Bishop; I'm the editor of the newest version of HTTP, HTTP/3. I'm part of Foundry, a team at Akamai that focuses on new and emerging technologies that will impact the future of the web. I've been involved in web standards since the early days of HTTP/2, and most of my work has...
openSUSE: Security Advisory for tomcat (openSUSE-SU-2020:1842-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : tomcat (openSUSE-2020-1842)
This update for tomcat fixes the following issues : - CVE-2020-13943: Fixed HTTP/2 Request mix-up bsc1177582 This update was imported from the SUSE:SLE-15-SP1:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUS...
OPENSUSE-SU-2020:1842-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up bsc1177582 This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for tomcat (moderate)
openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2020:1842-1 Rating: moderate References: 1177582 Cross-References: CVE-2020-13943 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for tomcat...
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2020-2372)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : nginx (EulerOS-SA-2020-2372)
According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-2324)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : tomcat (openSUSE-2020-1799)
This update for tomcat fixes the following issues : - CVE-2020-13943: Fixed HTTP/2 Request mix-up bsc1177582 This update was imported from the SUSE:SLE-15-SP2:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUS...
CVE-2019-9511
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
OPENSUSE-SU-2020:1799-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up bsc1177582 This update was imported from the SUSE:SLE-15-SP2:Update update project...
Security update for tomcat (moderate)
openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2020:1799-1 Rating: moderate References: 1177582 Cross-References: CVE-2020-13943 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for tomcat...
MGASA-2020-0397 Updated tomcat packages fix a security vulnerability
If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than t...
Updated tomcat packages fix a security vulnerability
If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than t...
httpd: mod_http2 concurrent pool usage
A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...
SUSE-SU-2020:3069-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up bsc1177582...
SUSE-SU-2020:3068-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up bsc1177582...
Apache Tomcat 10.0.0-M1 < 10.0.0-M8 Information Disclosure
The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57. It is, therefore, affected by a vulnerability. If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2...