Important: Denial of Service CVE-2024-23672
It was possible for a WebSocket client to keep a WebSocket connection open leading to increased resource consumption.
This was fixed with commit 52d6650e.
This issue was identified by the Tomcat Security Team on 17 January 2024. The issue was made public on 13 March 2024.
Affects: 9.0.0-M1 to 9.0.85
Important: Denial of Service CVE-2024-24549
When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.
This was fixed with commit 8e03be9f.
This issue was reported to the Tomcat Security Team on 24 January 2024. The issue was made public on 13 March 2024.
Affects: 9.0.0-M1 to 9.0.85