Veracode Vulnerability Database: VERACODE:45882
History: Mar 16, 2024 - 8:57 p.m.

Denial Of Service (DoS)

2024-03-16 20:57:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: denial of service, org.apache.tomcat, tomcat-coyote, http/2, request handling, headers, vulnerability, attacker, attacks, software

AI Score: 6.6
Confidence: High
EPSS: 0
Percentile: 14.8%

org.apache.tomcat:tomcat-coyote is vulnerable to Denial of Service (DoS). The vulnerability is due to improper request handling: when an HTTP/2 request exceeds any of the configured limits for headers, the associated HTTP/2 stream is not reset until after all of the headers have been processed. An attacker can send requests with excessively large headers or too many headers, which can result in a Denial of Service (DoS).