Ubuntu
tomcat8 package

  1. Bug #1885738
  2. Comment #0

Comment 0 for bug 1885738

Revision history for this message
it0001 (it0001-escrypt) wrote :

Hi Launchpad Team,

An error related to handling HTTP/2 requests can be exploited to trigger high CPU usage and subsequently trigger a DoS condition.

The vulnerability is reported in versions prior to 8.5.56 and prior to 9.0.36.

References:

1. http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36
2. http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56

Solution:

Update to version 8.5.56 or 9.0.36.

Please take appropriate measures.

Kind regards,

it0001