
Fixed in Apache Tomcat 9.0.36

Description

**Important: HTTP/2 DoS** [CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>)

A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

This was fixed with commit [9a023168](<https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976>).

This issue was reported publicly via the Apache Tomcat Users mailing list on 21 May 2020 without reference to the potential for DoS. The DoS risks were identified by the Apache Tomcat Security Team the same day. The issue was made public on 25 June 2020.

Affects: 9.0.0.M1 to 9.0.35


Affected Software


| CPE Name | Name | Version |
| --- | --- | --- |
| apache | tomcat | 9.0.0.M1 |
| apache | tomcat | 9.0.35 |
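
A version check for the range listed above, as an added example that is not part of the original advisory or of Apache Tomcat: it parses Tomcat version strings, including milestone builds such as 9.0.0.M1, and flags those between 9.0.0.M1 and 9.0.35. The host names and inventory are constructed, and the banner is assumed to be the `Apache Tomcat/<version>` string printed by `version.sh`.

```python
import re

# Range taken from the advisory above: affected 9.0.0.M1 to 9.0.35, fixed in 9.0.36.
FIRST_AFFECTED = "9.0.0.M1"
LAST_AFFECTED = "9.0.35"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.M(\d+))?$")
_BANNER_RE = re.compile(r"Apache Tomcat/(\S+)")

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "app01": "Server version: Apache Tomcat/9.0.35",
    "app02": "Server version: Apache Tomcat/9.0.36",
    "app03": "Server version: Apache Tomcat/9.0.0.M1",
    "app04": "Server version: Apache Tomcat/8.5.55",
    "app05": "Server version: unknown",
}


def parse_version(text):
    """Return a sortable tuple; milestone builds sort before the plain release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    # Fourth field is 0 for milestones, so 9.0.0.M27 < 9.0.0 < 9.0.1.
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version):
    """True if the version falls in the 9.0.x range this advisory lists."""
    v = parse_version(version)
    return parse_version(FIRST_AFFECTED) <= v <= parse_version(LAST_AFFECTED)


def audit(inventory):
    """Map each host to 'affected', 'not in listed range' or 'unknown'."""
    result = {}
    for host, banner in inventory.items():
        m = _BANNER_RE.search(banner)
        try:
            hit = is_affected(m.group(1) if m else banner)
            result[host] = "affected" if hit else "not in listed range"
        except ValueError:
            # Unparseable banners are surfaced for manual review, not assumed safe.
            result[host] = "unknown"
    return result
```

Versions outside 9.0.x are reported as "not in listed range" because this page lists only the 9.0.x range; that label is not a statement that they are unaffected.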
