Threat Encyclopedia



This indicates an attempt to exploit a denial-of-service vulnerability in Apache Software Foundation Tomcat.
The vulnerability is due to a failure to release the HTTP 1.1 processor after initiating a direct h2c connection.
A remote, unauthenticated attacker can exploit this vulnerability by initiating a large number of h2c connections to a vulnerable server. Successful exploitation results in the consumption of excessive amounts of memory, eventually leading to denial of service conditions.

Affected Products

Apache Software Foundation Tomcat 8.5.0 to 8.5.56
Apache Software Foundation Tomcat 9.0.0.M1 to 9.0.36


Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
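
To decide which hosts need the upgrade first, the following added example (not part of the original entry or of Tomcat itself) checks a Tomcat version string against the affected ranges listed above and lists the connectors in a `server.xml` that accept cleartext HTTP/2 (h2c). It assumes standard Tomcat configuration behaviour not stated on this page: h2c is reachable only on a connector that declares an `Http2Protocol` `UpgradeProtocol` and does not set `SSLEnabled="true"`. The function names and the sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as listed on this page: (major, minor) -> highest affected patch.
AFFECTED = {(8, 5): 56, (9, 0): 36}
# Assumption: standard Tomcat class name for the HTTP/2 upgrade protocol.
H2_CLASS = "org.apache.coyote.http2.Http2Protocol"


def version_affected(version):
    """True if a Tomcat version string falls in the ranges listed above.
    Milestone builds such as 9.0.0.M1 parse as patch level 0."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    major, minor, patch = map(int, m.groups())
    top = AFFECTED.get((major, minor))
    return top is not None and patch <= top


def h2c_connectors(server_xml):
    """Return ports of connectors that accept cleartext HTTP/2 (h2c):
    an Http2Protocol UpgradeProtocol on a connector without SSLEnabled="true"."""
    root = ET.fromstring(server_xml)
    ports = []
    for conn in root.iter("Connector"):
        has_h2 = any(u.get("className") == H2_CLASS
                     for u in conn.findall("UpgradeProtocol"))
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        if has_h2 and not tls:
            ports.append(conn.get("port"))
    return ports


def exposed(version, server_xml):
    """(affected build AND at least one h2c-capable connector, those ports)."""
    ports = h2c_connectors(server_xml)
    return (version_affected(version) and bool(ports)), ports


# Constructed sample configuration, not taken from any real deployment.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
  </Connector>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
  </Connector>
</Service></Server>"""
```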

CVE References