*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Eduardo Barretto (ebarretto):
Hi Launchpad Team, An error related to handling HTTP/2 requests can be exploited to trigger high CPU usage and subsequently trigger a DoS condition. The vulnerability is reported in versions prior to 8.5.56 and prior to 9.0.36. References: 1. http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36 2. http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56 Solution: Update to version 8.5.56 or 9.0.36. This issue affects Ubuntu 18, and probably other versions as well. Please take appropriate measures. Kind regards, it0001 ** Affects: tomcat8 (Ubuntu) Importance: Undecided Status: New ** Tags: community-security -- Apache Tomcat HTTP/2 Denial of Service Vulnerability https://bugs.launchpad.net/bugs/1885738 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
