tomcat-embed-core-8.5.35.jar|CVE-2019-0199
Created by: armorcodegithubpreprod[bot]
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. Vulnerable Software: cpe:2.3:a:apache:tomcat:9.0.0:m6:::::: cpe:2.3:a:apache:tomcat:9.0.0:m10:::::: cpe:2.3:a:apache:tomcat:9.0.0:m7:::::: cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:a:apache:tomcat:9.0.0:m17:::::: cpe:2.3:a:apache:tomcat:9.0.0:m1:::::: cpe:2.3:a:apache:tomcat:9.0.0:m19:::::: cpe:2.3:a:apache:tomcat:9.0.0:m5:::::: cpe:2.3:a:apache:tomcat:9.0.0:m18:::::: cpe:2.3:a:apache:tomcat:9.0.0:m13:::::: cpe:2.3:a:apache:tomcat:9.0.0:m21:::::: cpe:2.3:a:apache:tomcat:9.0.0:m20:::::: cpe:2.3:a:apache:tomcat:9.0.0:m14:::::: cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:a:apache:tomcat:9.0.0:m2:::::: cpe:2.3:a:apache:tomcat:9.0.0:m9:::::: cpe:2.3:a:apache:tomcat:9.0.0:m12:::::: cpe:2.3:a:apache:tomcat:9.0.0:m15:::::: cpe:2.3:a:apache:tomcat:9.0.0:m4:::::: cpe:2.3:a:apache:tomcat:9.0.0:m16:::::: cpe:2.3:a:apache:tomcat:9.0.0:m11:::::: cpe:2.3:a:apache:tomcat:9.0.0:m3:::::: cpe:2.3:a:apache:tomcat:9.0.0:m8::::::
File Path: \Profiles\ptrovatelli.m2\repository\org\apache\tomcat\embed\tomcat-embed-core\8.5.35\tomcat-embed-core-8.5.35.jar