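CVE-2019-0199: Apache Tomcat Security Vulnerability

Published: 2019-02-08
Type: CAN
Status: Candidate
Phase: Assigned
Database: HTTP

Vulnerability description

Apache Tomcat is a lightweight web application server from the Apache Software Foundation (USA). It implements support for Servlet and JavaServer Page (JSP).
A security vulnerability exists in Apache Tomcat. An attacker can exploit it to cause a denial of service.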
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.