Rewterz Threat Advisory – CVE-2019-10072 – Apache Tomcat WINDOW_UPDATE Denial of Service Vulnerability

June 21, 2019

Severity

Medium

Analysis Summary

An error related to the connection window when handling WINDOW_UPDATE messages can be exploited to exhaust available server-side threads and subsequently cause a DoS condition.

Impact

Denial of Service

Affected Vendors

Apache Foundation

Affected Products

Apache Tomcat versions prior to 8.5.41.
Apache Tomcat versions prior to 9.0.20

Remediation

Update to version 9.0.20 or 8.5.41.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Local Privilege Escalation to Root via Sudo chroot in Linux

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – PHOENIX CONTACT Automation Worx Software Suite Multiple Vulnerabilities

Rewterz Threat Alert – Ryuk Ransomware Adds Additional Features of IP Address and Computer Name Blacklisting