2 matches found
BIT-TOMCAT-2022-29885 EncryptInterceptor does not provide complete protection on insecure networks
The documentation of Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentialit...
tomcat security update
1:9.0.62-11.3 - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...