Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
22
Affected Products
7
References
apache / tomcat
| - |
| apache | tomcat | 10.1.0 - 10.1.19 | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| apache | tomcat | - | - |
| debian | debian_linux | - | - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability
Impact