CVE-2019-0199

Опубликовано: 10 апр. 2019

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 7.5

Описание

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

Релиз	Статус	Примечание
bionic	released	8.5.39-1ubuntu1~18.04.1
cosmic	released	8.5.39-1ubuntu1~18.10
devel	DNE
esm-apps/bionic	released	8.5.39-1ubuntu1~18.04.1
esm-infra-legacy/trusty	DNE
esm-infra/xenial	not-affected	code not present
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	8.5.38-1

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	9.0.16-3~18.04.1
cosmic	not-affected	9.0.16-3~18.10
devel	not-affected	9.0.16-3
esm-apps/bionic	not-affected	9.0.16-3~18.04.1
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	9.0.16-1
xenial	DNE

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2019-0199

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-0199

CVSS3: 7.5

redhat

около 6 лет назад

CVE-2019-0199

CVSS3: 7.5

nvd

около 6 лет назад

CVE-2019-0199

CVSS3: 7.5

debian

около 6 лет назад

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5. ...

openSUSE-SU-2019:1723-1

suse-cvrf

почти 6 лет назад

Security update for tomcat

SUSE-SU-2019:1825-1

suse-cvrf

почти 6 лет назад

Security update for tomcat

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2019-0199

Описание

Пакет tomcat8

Пакет tomcat9

Ссылки на источники

Связанные уязвимости