Apache Tomcat DoS Vulnerability - June19 (Windows) CVE-2019-10072

Severity
CVSSv3 Score: 7.5

Vulnerability description

Apache Tomcat is prone to a denial of service vulnerability.

Risk description

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write. By not sending WINDOW_UPDATE messages for the connection window (stream 0), clients are able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS.

Recommendation

Update to version 8.5.41, 9.0.20 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jun 21, 2019
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available