Описание
ELSA-2023-5928: tomcat security update (IMPORTANT)
[1:9.0.62-5.2]
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
tomcat
9.0.62-5.el8_8.2
tomcat-admin-webapps
9.0.62-5.el8_8.2
tomcat-docs-webapp
9.0.62-5.el8_8.2
tomcat-el-3.0-api
9.0.62-5.el8_8.2
tomcat-jsp-2.3-api
9.0.62-5.el8_8.2
tomcat-lib
9.0.62-5.el8_8.2
tomcat-servlet-4.0-api
9.0.62-5.el8_8.2
tomcat-webapps
9.0.62-5.el8_8.2
Oracle Linux x86_64
tomcat
9.0.62-5.el8_8.2
tomcat-admin-webapps
9.0.62-5.el8_8.2
tomcat-docs-webapp
9.0.62-5.el8_8.2
tomcat-el-3.0-api
9.0.62-5.el8_8.2
tomcat-jsp-2.3-api
9.0.62-5.el8_8.2
tomcat-lib
9.0.62-5.el8_8.2
tomcat-servlet-4.0-api
9.0.62-5.el8_8.2
tomcat-webapps
9.0.62-5.el8_8.2
Связанные CVE
Связанные уязвимости
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consum ...