HTTP2: Apache Tomcat HTTP2 h2c Memory Exhaustion 2
This signature detects attempts to exploit a known vulnerability against Apache Tomcat HTTP2 Server. A successful attack can result in a denial-of-service condition.
Extended Description
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
Affected Products
Oracle agile_plm
References
CVE: CVE-2020-13934
Short Name
HTTP2:APACHE-TOMCAT-H2C-DOS-2
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP2
Keywords
2 Apache CVE-2020-13934 Exhaustion HTTP2 Memory Tomcat h2c
Release Date
10/28/2021
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Opensuse
Oracle
Apache
Netapp
Debian
Canonical
CVSS Score
5.0