GHSA-qcxh-w3j9-58qr

Source

https://github.com/advisories/GHSA-qcxh-w3j9-58qr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-qcxh-w3j9-58qr/GHSA-qcxh-w3j9-58qr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qcxh-w3j9-58qr

Aliases

CVE-2019-0199

Published

2020-06-15T18:51:09Z

Modified

2024-03-16T05:16:48.960226Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Apache Tomcat Denial of Service vulnerability

Details

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

References

Affected packages

Maven / org.apache.tomcat.embed:tomcat-embed-core

Package

Name: org.apache.tomcat.embed:tomcat-embed-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0

Fixed

9.0.16

Affected versions

9.*

9.0.1

9.0.2

9.0.4

9.0.5

9.0.6

9.0.7

9.0.8

9.0.10

9.0.11

9.0.12

9.0.13

9.0.14

Maven / org.apache.tomcat.embed:tomcat-embed-core

Package

Name: org.apache.tomcat.embed:tomcat-embed-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.5.38

Affected versions

8.*

8.0.1

8.0.3

8.0.5

8.0.8

8.0.9

8.0.11

8.0.12

8.0.14

8.0.15

8.0.17

8.0.18

8.0.20

8.0.21

8.0.22

8.0.23

8.0.24

8.0.26

8.0.27

8.0.28

8.0.29

8.0.30

8.0.32

8.0.33

8.0.35

8.0.36

8.0.37

8.0.38

8.0.39

8.0.41

8.0.42

8.0.43

8.0.44

8.0.45

8.0.46

8.0.47

8.0.48

8.0.49

8.0.50

8.0.51

8.0.52

8.0.53

8.5.0

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.8

8.5.9

8.5.11

8.5.12

8.5.13

8.5.14

8.5.15

8.5.16

8.5.19

8.5.20

8.5.21

8.5.23

8.5.24

8.5.27

8.5.28

8.5.29

8.5.30

8.5.31

8.5.32

8.5.33

8.5.34

8.5.35

8.5.37