-
Task
-
Resolution: Done
-
Medium
-
None
-
None
Short Summary: Apache Tomcat is prone to a denial-of-service vulnerability; fixes are available.
Discussion: Apache Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. It is freely available under the Apache Software License for various operating systems. Apache Tomcat is prone to a denial-of-service vulnerability due to an 'OutOfMemoryException' error. Specifically, this issue occurs because the 'h2c' direct-connection fails to release the 'HTTP/1.1' processor after the upgrade to 'HTTP/2'.Attackers may leverage this issue to cause denial-of-service conditions.The following versions are affected:Apache Tomcat 10.0.0-M1 through 10.0.0-M6 Apache Tomcat 9.0.0.M5 through 9.0.36 Apache Tomcat 8.5.1 through 8.5.56
Solution: Updates are available. Please see the references or vendor advisory for more information
CVE Numbers:
CVE-2020-13934