
Apache Tomcat DoS Vulnerability - March19 (Windows) CVE-2019-0199

Severity
CVSSv3 Score: 7.5
Vulnerability description

Apache Tomcat is prone to a denial of service vulnerability in the HTTP/2 implementation.

Risk description

The HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permits clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilise the Servlet API's blocking I/O, clients are able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS.

Recommendation

Update to version 8.5.38, 9.0.16 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 10, 2019
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available