[ https://issues.apache.org/jira/browse/TOMEE-4255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Zowalla resolved TOMEE-4255.
------------------------------------
Resolution: Fixed
> Port fix for CVE-2023-44487
> ---------------------------
>
> Key: TOMEE-4255
> URL: https://issues.apache.org/jira/browse/TOMEE-4255
> Project: TomEE
> Issue Type: Dependency upgrade
> Affects Versions: 9.1.0
> Reporter: Richard Zowalla
> Assignee: Richard Zowalla
> Priority: Major
> Fix For: 9.1.1
>
>
> Important: Denial of Service CVE-2023-44487
> Tomcat's HTTP/2 implementation was vulnerable to the rapid reset attack. The
> denial of service typically manifested as an OutOfMemoryError.
> This was fixed with commit 76bb4bfb.
> This issue was reported to the Tomcat Security Team on 14 September 2023. The
> issue was made public on 10 October 2023.
> Affects: 10.1.0-M1 to 10.1.13