Re: [SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

2025-04-29 Thread Mark Thomas
On 29/04/2025 08:16, Zdeněk Henek wrote: Hi, I have looked at the commits and all have in changes http2. Is this an issue in case we don't use http2? No. It only affects h2/h2c. Mark Thank you. Regards, Zdenek Henek On Mon, Apr 28, 2025 at 7:12 PM Mark Thomas wrote: CVE-2025-31650 Apa

Re: [SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

2025-04-29 Thread Zdeněk Henek
Hi, I have looked at the commits and all have in changes http2. Is this an issue in case we don't use http2? Thank you. Regards, Zdenek Henek On Mon, Apr 28, 2025 at 7:12 PM Mark Thomas wrote: > CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header > > Severity: High > > V

[SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

2025-04-28 Thread Mark Thomas
CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M2 to 11.0.5 Apache Tomcat 10.1.10 to 10.1.39 Apache Tomcat 9.0.76 to 9.0.102 Description: Incorrect error handling for some i