On 26/03/2019 11:47, George Angeletos wrote:
> Hello,
>
> Is an upgrade required for those who are not using the HTTP/2 protocol?
No. CVE-2019-0199 only affects servers where HTTP/2 is enabled.
Mark
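A way to check locally whether the answer above applies to a given instance, as an added example that is not part of the original thread or Tomcat's own tooling. It assumes HTTP/2 is enabled in the stock way, through an `UpgradeProtocol` element with `className="org.apache.coyote.http2.Http2Protocol"` nested in a `Connector` in `server.xml`; the sample XML and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

HTTP2_CLASS = "org.apache.coyote.http2.Http2Protocol"

# Constructed sample server.xml fragments (not taken from the thread).
SAMPLE_H2 = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  </Connector>
  <Connector port="8080" protocol="HTTP/1.1" />
</Service></Server>"""
SAMPLE_NO_H2 = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
</Service></Server>"""

def http2_connector_ports(server_xml):
    """Return the ports of Connectors that nest an HTTP/2 UpgradeProtocol."""
    root = ET.fromstring(server_xml)
    ports = []
    for conn in root.iter("Connector"):
        for up in conn.findall("UpgradeProtocol"):
            if up.get("className", "").strip() == HTTP2_CLASS:
                ports.append(conn.get("port", "?"))
    return ports

def version_in_affected_range(version):
    """True for 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37, the ranges in the advisory."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) == (9, 0):
        return patch <= 14          # includes the 9.0.0.Mx milestones
    if (major, minor) == (8, 5):
        return patch <= 37
    return False                    # version line not listed in the advisory

def needs_upgrade_for_cve_2019_0199(version, server_xml):
    """Exposed only if the version is in range AND HTTP/2 is enabled."""
    return version_in_affected_range(version) and bool(http2_connector_ports(server_xml))

if __name__ == "__main__":
    print(http2_connector_ports(SAMPLE_H2))
    print(needs_upgrade_for_cve_2019_0199("9.0.14", SAMPLE_NO_H2))
```

Embedded or framework-managed Tomcat instances configure HTTP/2 in code rather than `server.xml`, so a negative result from this check only covers file-based configuration.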
Hello,
Is an upgrade required for those who are not using the HTTP/2 protocol?
Many thanks
George Angeletos
CVE-2019-0199 Apache Tomcat HTTP/2 DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.14
Apache Tomcat 8.5.0 to 8.5.37
Description:
The HTTP/2 implementation accepted streams with excessive numbers of
SETTINGS frames and also