Apache Tomcat DoS Vulnerability - March19 (Windows) CVE-2019-0199
- CVSSv3 Score
- Vulnerability description
Apache Tomcat is prone to a denial of service vulnerability in the HTTP/2 implementation.
- Risk description
The HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permits clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that use the Servlet API's blocking I/O, clients are able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS.
Update to version 8.5.38, 9.0.16 or later.
- Not available
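The flaw described above is only reachable when the installed build predates the fixed release on its branch and a connector actually has HTTP/2 enabled. The following check is an added example, not part of the original advisory or of Tomcat itself: the function names and the sample server.xml are constructed, and it assumes HTTP/2 is enabled in the standard way, through an UpgradeProtocol element with className org.apache.coyote.http2.Http2Protocol.

```python
import re
import xml.etree.ElementTree as ET

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(8, 5): (8, 5, 38), (9, 0): (9, 0, 16)}
HTTP2_CLASS = "org.apache.coyote.http2.Http2Protocol"

# Constructed sample config: HTTP/2 is enabled on the 8443 connector only.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    </Connector>
  </Service>
</Server>"""


def below_fixed(version_text):
    """True if the version (e.g. 'Apache Tomcat/9.0.14') predates its branch's fix."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no Tomcat version found in {version_text!r}")
    version = tuple(int(g) for g in m.groups())
    fixed = FIXED.get(version[:2])
    # Assumption: branches with no fixed release in the advisory are not flagged.
    return fixed is not None and version < fixed


def http2_connectors(server_xml):
    """Return the ports of Connectors that carry an HTTP/2 UpgradeProtocol child."""
    ports = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        for upgrade in conn.findall("UpgradeProtocol"):
            if upgrade.get("className") == HTTP2_CLASS:
                ports.append(conn.get("port"))
    return ports


def exposed(version_text, server_xml):
    """The HTTP/2 DoS applies only to an unfixed build with HTTP/2 switched on."""
    return below_fixed(version_text) and bool(http2_connectors(server_xml))


if __name__ == "__main__":
    print("HTTP/2 connectors:", http2_connectors(SAMPLE_SERVER_XML))
    print("exposed:", exposed("Apache Tomcat/9.0.14", SAMPLE_SERVER_XML))
```

A host that reports a version below the fix but has no HTTP/2 connector still needs the update, but it can be ranked below hosts where `exposed` returns true.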