RHEL 8 : 10.6_pki-servlet-container (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Apache Tomcat HTTP/2 DoS CVE-2019-0199 Note that Nessus has not tested for this issue but has instead relie...

pki-deps:10.6 security update

apache-commons-collections 3.2.2-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora29MassRebuild 3.2.2-9 - Remove workaround for symlink-directory rpm bug jackson-bom 2.9.8-1 - Update to latest upstream release 2.9.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 2.9.4-1 -...

CVE-2019-10072

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...