The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
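A simplified model of this bug class, added here as an illustration and not taken from Tomcat's code or its fix: a refill-and-decode loop that never checks for progress spins forever once a header cannot fit in the fixed buffer, while the checked loop treats that state as a terminal error. The toy wire format (one length byte, then the value), the class and method names, and the `maxSpins` guard are assumptions made for the demo.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
public class HeaderLoopDemo {
    // Constructed toy format: 1 length byte + value. Returns null until a whole header is buffered.
    static String tryDecode(ByteBuffer buf) {
        buf.flip();
        String out = null;
        if (buf.hasRemaining() && buf.remaining() >= 1 + (buf.get(0) & 0xFF)) {
            byte[] v = new byte[buf.get() & 0xFF];   // consume the length byte
            buf.get(v);
            out = new String(v, StandardCharsets.US_ASCII);
        }
        buf.compact();                               // keep undecoded bytes for the next pass
        return out;
    }
    // Copies as much input as fits; returns 0 when buf is full or input is drained.
    static int fill(ByteBuffer in, ByteBuffer buf) {
        int n = Math.min(in.remaining(), buf.remaining());
        for (int i = 0; i < n; i++) buf.put(in.get());
        return n;
    }
    // Flawed loop: never checks for progress. maxSpins exists only so the demo ends.
    static String parseFlawed(ByteBuffer in, ByteBuffer buf, int maxSpins) {
        for (int spins = 0; spins < maxSpins; spins++) {
            fill(in, buf);
            String h = tryDecode(buf);
            if (h != null) return h;
        }
        return "STALLED";
    }
    // Hardened loop: no decodable header and no room (or no input) left is a terminal error.
    static String parseChecked(ByteBuffer in, ByteBuffer buf) {
        while (true) {
            int n = fill(in, buf);
            String h = tryDecode(buf);
            if (h != null) return h;
            if (!buf.hasRemaining() || n == 0)
                throw new IllegalStateException("header exceeds buffer or input ended");
        }
    }
    public static void main(String[] args) {
        // Constructed input: length byte 20 (octal 024) followed by a 20-byte value.
        byte[] msg = ("\024" + "aaaaaaaaaaaaaaaaaaaa").getBytes(StandardCharsets.US_ASCII);
        System.out.println(parseFlawed(ByteBuffer.wrap(msg), ByteBuffer.allocate(32), 1000));
        System.out.println(parseFlawed(ByteBuffer.wrap(msg), ByteBuffer.allocate(8), 1000));
        try { parseChecked(ByteBuffer.wrap(msg), ByteBuffer.allocate(8)); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```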
Vulnerable Product |
---|
apache tomcat 8.5.2 |
apache tomcat 8.5.4 |
apache tomcat 8.5.0 |
apache tomcat 8.5.5 |
apache tomcat 8.5.3 |
apache tomcat 8.5.6 |
apache tomcat 8.5.1 |
apache tomcat 9.0.0 |