// For flags

CVE-2019-10072

Apache Tomcat reserveWindowSize Denial-Of-Service Vulnerability

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

La solución para el CVE-2019-0199 estaba incompleta y no abordaba el agotamiento de la ventana de conexión HTTP/2 al escribir en de Apache Tomcat versiones desde 9.0.0.M1 hasta 9.0.19 y 8.5.0 hasta 8.5.40. Al no enviar mensajes de WINDOW_UPDATE para la ventana de conexión (stream 0), los clientes fueron habilitados para causar que los hilos (subprocesos) del lado del servidor se bloquearan eventualmente conllevando al agotamiento del hilo (subproceso) y a una DoS.

This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Apache Tomcat. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of HTTP2 requests. A crafted HTTP2 request can create a deadlock on a worker thread. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

*Credits: John Simpson of Trend Micro Security Research
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-03-26 CVE Reserved
  • 2019-06-21 CVE Published
  • 2024-06-14 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-667: Improper Locking
CAPEC
References (22)
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
>= 8.5.0 <= 8.5.40
Search vendor "Apache" for product "Tomcat" and version " >= 8.5.0 <= 8.5.40"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
>= 9.0.1 <= 9.0.19
Search vendor "Apache" for product "Tomcat" and version " >= 9.0.1 <= 9.0.19"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone1
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone10
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone11
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone12
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone13
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone14
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone15
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone16
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone17
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone18
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone19
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone2
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone20
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone21
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone22
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone23
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone24
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone25
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone26
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone27
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone3
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone4
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone5
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone6
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone7
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone8
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone9
Affected