
4431 matches found

Veracode
added 2024/07/04 11:45 a.m., 18 views

Denial Of Service (DoS)

org.apache.tomcat: tomcat-coyote is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of excessive HTTP headers in HTTP/2 streams, which leads to the miscounting of active streams resulting in an infinite connection timeout. This allows connections to remain open...

CVSS: 7.5, AI score: 7, EPSS: 0.21539
Exploits: 0, References: 6, Affected Software: 3
Hacker One
added 2024/07/04 6:47 a.m., 90 views

Internet Bug Bounty: CVE-2024-34750 Apache Tomcat DoS vulnerability in HTTP/2 connector

CVE-2024-34750: Apache Tomcat Denial of Service Vulnerability A vulnerability was discovered in Apache Tomcat versions between 11.0.0-M1 and 11.0.0-M20, 10.1.0-M1 and 10.1.24, and 9.0.0-M1 and 9.0.89. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers...

CVSS: 7.5, AI score: 7.7, EPSS: 0.21539
Exploits: 0
OpenVAS
added 2024/07/04 12:00 a.m., 19 views

Apache Tomcat DoS Vulnerability (Jul 2024) - Linux

Apache Tomcat is prone to a denial of service (DoS) vulnerability. CPE = "cpe:/a:apache:tomcat"; ...

CVSS: 7.5, AI score: 7.6, EPSS: 0.21539
Exploits: 0, References: 4
OpenVAS
added 2024/07/04 12:00 a.m., 38 views

Apache Tomcat DoS Vulnerability (Jul 2024) - Windows

Apache Tomcat is prone to a denial of service (DoS) vulnerability. CPE = "cpe:/a:apache:tomcat"; ...

CVSS: 7.5, AI score: 7.6, EPSS: 0.21539
Exploits: 0, References: 4
RedhatCVE
added 2024/07/03 11:20 p.m., 67 views

CVE-2024-34750

A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...

CVSS: 7.5, AI score: 7.3, EPSS: 0.21539
Exploits: 0, References: 4
NVD
added 2024/07/03 8:15 p.m., 37 views

CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

CVSS: 7.5, EPSS: 0.21539
Exploits: 0, References: 3
OSV
added 2024/07/03 8:15 p.m., 21 views

CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

CVSS: 7.5, AI score: 7.2
Exploits: 0, References: 3
UbuntuCve
added 2024/07/03 8:15 p.m., 22 views

CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

CVSS: 7.5, AI score: 6.7, EPSS: 0.21539
Exploits: 0, References: 3
Vulnrichment
added 2024/07/03 7:32 p.m., 36 views

CVE-2024-34750 Apache Tomcat: HTTP/2 excess header handling DoS

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

AI score: 7.1, EPSS: 0.21539
Exploits: 0, References: 1
CVE
added 2024/07/03 7:32 p.m., 459 views

CVE-2024-34750

CVE-2024-34750 affects Apache Tomcat across multiple lines of the 9.x, 10.x, and 11.x series, where improper handling of HTTP/2 streams leads to miscounting active streams and the use of an infinite timeout, allowing connections to remain open. Root cause: during HTTP/2 processing, Tomcat fails t...

CVSS: 7.5, AI score: 7.1, EPSS: 0.21539
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2024/07/03 7:32 p.m., 446 views

CVE-2024-34750 Apache Tomcat: HTTP/2 excess header handling DoS

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

EPSS: 0.21539
Exploits: 0, References: 1
Debian CVE
added 2024/07/03 7:32 p.m., 30 views

CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

CVSS: 7.5, AI score: 6.8, EPSS: 0.21539
Exploits: 0
OSV
added 2024/07/03 7:18 a.m., 22 views

BIT-APACHE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVSS: 5.4, AI score: 6.4, EPSS: 0.00187
Exploits: 0, References: 4
Tenable Nessus
added 2024/07/03 12:00 a.m., 33 views

CBL Mariner 2.0 Security Update: blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd (CVE-2023-39325)

The version of blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-39325 advisory. - A malicious HTTP/2 client which rapidly creates...

CVSS: 7.5, AI score: 7, EPSS: 0.0015
Exploits: 0, References: 2
Redos
added 2024/07/03 12:00 a.m., 27 views

ROS-20240703-12

An Apache Tomcat application server vulnerability is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially crafted HTTP/2 requests...

CVSS: 7.5, AI score: 6.8, EPSS: 0.6439
Exploits: 1
Tenable Nessus
added 2024/07/03 12:00 a.m., 15 views

Apache Tomcat 10.1.0.M1 < 10.1.25

The version of Tomcat installed on the remote host is prior to 10.1.25. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.25security-10 advisory. - Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in...

CVSS: 8.6, AI score: 7.3, EPSS: 0.21539
Exploits: 0, References: 4
Tenable Nessus
added 2024/07/03 12:00 a.m., 25 views

CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker may cause an HTTP/...

CVSS: 7.5, AI score: 7.5, EPSS: 0.69905
Exploits: 1, References: 2
Tenable Nessus
added 2024/07/03 12:00 a.m., 23 views

CBL Mariner 2.0 Security Update: nodejs18 / nodejs (CVE-2024-27983)

The version of nodejs18 / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27983 advisory. - An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount o...

CVSS: 8.2, AI score: 7.5, EPSS: 0.75933
Exploits: 1, References: 2
Tenable Nessus
added 2024/07/03 12:00 a.m., 27 views

Apache Tomcat 11.0.0.M1 < 11.0.0.M21

The version of Tomcat installed on the remote host is prior to 11.0.0.M21. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.0-m21security-11 advisory. - Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache...

CVSS: 7.5, AI score: 7.3, EPSS: 0.21539
Exploits: 0, References: 3
Tenable Nessus
added 2024/07/03 12:00 a.m., 233 views

Apache Tomcat 9.0.0.M1 < 9.0.90

The version of Tomcat installed on the remote host is prior to 9.0.90. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.90security-9 advisory. - Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat...

CVSS: 7.5, AI score: 7.3, EPSS: 0.21539
Exploits: 0, References: 3