Re: CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service

2020-06-26 Thread Mark Thomas
On 26/06/2020 13:35, Kasteleijn, Wilco wrote:
> Hello, we would like to know if this vulnerability is only applicable for
> usage of the coyote http connector?

It only applies when using the HTTP/2 protocol. That is only available with an HTTP connector.

> We are using Tomcat 8.5.55 in combinati

CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service

2020-06-26 Thread Kasteleijn, Wilco
Hello,

we would like to know if this vulnerability is only applicable for usage of the coyote http connector? We are using Tomcat 8.5.55 in combination with an Apache HTTPD proxy setup that is connected via the AJP connector. Are we also affected in that case?

Regards, Wilco.

This message contai

[SECURITY] CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service

2020-06-25 Thread Mark Thomas
CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M5
Apache Tomcat 9.0.0.M1 to 9.0.35
Apache Tomcat 8.5.0 to 8.5.55

Description:
A specially crafted sequence of HTTP/2 requests