Description
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Developer Toolset 3.1 | devtoolset-3-tomcat | Under investigation | ||
Red Hat JBoss Enterprise Application Platform 5 | tomcat | Not affected | ||
Red Hat JBoss Enterprise Application Platform 6 | tomcat | Not affected | ||
Red Hat JBoss Enterprise Application Platform 7 | tomcat | Not affected | ||
Red Hat JBoss Enterprise Web Server 2 | tomcat | Not affected | ||
Red Hat JBoss Enterprise Web Server 3 | tomcat | Not affected | ||
Red Hat JBoss Web Server 3 | tomcat8 | Not affected | ||
Red Hat Software Collections | rh-java-common-tomcat | Under investigation | ||
Additional information
Status:
EPSS
CVSS3: 7.5 High
CVSS2: 5 Medium
Related vulnerabilities
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8. ...
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat