org.apache.tomcat, tomcat-coyote is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of an HTTP/2 request that exceeds any of the configured limits for headers: the associated HTTP/2 stream is not reset until after all of the headers have been processed. An attacker can send requests with excessively large headers or too many headers, which can result in a denial of service.
www.openwall.com/lists/oss-security/2024/03/13/3
github.com/advisories/GHSA-7w75-32cg-r6g2
github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
lists.debian.org/debian-lts-announce/2024/04/msg00001.html
lists.fedoraproject.org/archives/list/[email protected]/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
lists.fedoraproject.org/archives/list/[email protected]/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
security.netapp.com/advisory/ntap-20240402-0002/