On 20/06/2019 20:35, Amit Pande wrote:
> Could you please clarify:
>
> Affected versions 8.5.0 to 8.5.40
> Mitigation says: 8.5.40 or later
>
> What am I missing?

Nothing.
The affected versions are correct.
The mitigation is not. It should be 8.5.41 or later. I'll issue a
correction.
Thanks fo
Could you please clarify:
Affected versions 8.5.0 to 8.5.40
Mitigation says: 8.5.40 or later
What am I missing?
> On Jun 20, 2019, at 2:25 PM, Mark Thomas wrote:
>
> CVE-2019-10072 Apache Tomcat HTTP/2 DoS
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Aff
CVE-2019-10072 Apache Tomcat HTTP/2 DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.19
Apache Tomcat 8.5.0 to 8.5.40
Description:
The fix for CVE-2019-0199 was incomplete and did not address connection
window exhaustion on write. B