7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-0199

GHSA ID

GHSA-qcxh-w3j9-58qr

EPSS Score

0.98332%

CWE

CWE-400

Published

6/15/2020

Updated

12/8/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-0199

CVE-2019-0199: Apache Tomcat Denial of Service vulnerability

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

(GitHub Advisory)

7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-0199

GHSA ID

GHSA-qcxh-w3j9-58qr

EPSS Score

0.98332%

CWE

CWE-400

Published

6/15/2020

Updated

12/8/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 9.0.0, < 9.0.16	9.0.16
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 8.0.0, < 8.5.38	8.5.38

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

T** *TTP/* impl*m*nt*tion in *p**** Tom**t *.*.*.M* to *.*.** *n* *.*.* to *.*.** ****pt** str**ms wit* *x**ssiv* num**rs o* S*TTIN*S *r*m*s *n* *lso p*rmitt** *li*nts to k**p str**ms op*n wit*out r***in*/writin* r*qu*st/r*spons* **t*. *y k**pin* str

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2019-0199: Apache Tomcat Denial of Service vulnerability

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI