On 26/06/2020 13:35, Kasteleijn, Wilco wrote:
> Hello, we would like to know if this vulnerability is only applicable for
> usage of the coyote http connector?
It only applies when using the HTTP/2 protocol. That is only available
with an HTTP connector.
> We are using Tomcat 8.5.55 in combinati
Hello, we would like to know if this vulnerability is only applicable for usage
of the coyote http connector?
We are using Tomcat 8.5.55 in combination with a apache HTTPD proxy setup that
is connected via the AJP connector. Are we also affected in that case?
Regards, Wilco.
This message contai
CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M5
Apache Tomcat 9.0.0.M1 to 9.0.35
Apache Tomcat 8.5.0 to 8.5.55
Description:
A specially crafted sequence of HTTP/2 requests