A vulnerability in Apache Tomcat could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to an incomplete fix for CVE-2019-0199, which did not address HTTP/2 connection window exhaustion on write. The affected software does not send WINDOW_UPDATE messages for the connection window (stream 0), which could allow clients to cause server-side threads to block. An attacker could exploit this vulnerability to cause thread exhaustion, resulting in a DoS condition. Apache has confirmed the vulnerability and released software updates.
|Apache||Tomcat||8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 8.5.7, 8.5.8, 8.5.9, 8.5.10, 8.5.11, 8.5.12, 8.5.13, 8.5.14, 8.5.15, 8.5.16, 8.5.17, 8.5.18, 8.5.19, 8.5.20, 8.5.21, 8.5.22, 8.5.23, 8.5.24, 8.5.25, 8.5.26, 8.5.27, 8.5.28, 8.5.29, 8.5.30, 8.5.31, 8.5.32, 8.5.33, 8.5.34, 8.5.35, 8.5.36, 8.5.37, 8.5.38, 8.5.39, 8.5.40, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.0.11, 9.0.12, 9.0.13, 9.0.14, 9.0.15, 9.0.16, 9.0.17, 9.0.19|
Aware IM Developer - Server Components, Resources and Dependencies Aware IM is a rapid low-code application development tool that lets you create powerful aesthetically appealing web applications quickly Changelog Software Written in 100% Java programming language Aware IM is based on the plethora of Java technologies such as J2EE application server, JDBC, JMS, JSP/serv
House of Larry delivers massive update for 93 products
Oracle has released a sweeping set of security patches across the breadth of its software line.
The January update, delivered one day after Microsoft, Intel, Adobe, and others dropped their scheduled monthly patches, addresses a total of 334 security vulnerabilities across 93 different products from the enterprise giant.
As you may imagine, most IT admins will only need to test and apply a handful of the updates for their specific platforms.
For Oracle's flagship Database Serve...
Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update (CPU). Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle’s previous all-time high for number of patches issued, in July 2019, which overtook its previous record of 308 in July 2017.
The company said in a pre-release announcement that some of the vulnerabilities affect multiple products. “Due to the threat ...