Apache Tomcat HTTP/2 Implementation Denial of Service Vulnerability

By GIXnews


A vulnerability in Apache Tomcat could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to a resource exhaustion condition in the HTTP/2 implementation of the affected software. An attacker could exploit this vulnerability by keeping streams that use the blocking I/O of the Servlet API open for requests. A successful exploit could result in a DoS condition on the targeted system.

Apache has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-0199

Source: Cisco Multivendor Vulnerability Alerts