Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-10072

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.715
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2019-10072
  • Apache » Tomcat » Version: 8.5.0
    cpe:2.3:a:apache:tomcat:8.5.0
  • Apache » Tomcat » Version: 8.5.1
    cpe:2.3:a:apache:tomcat:8.5.1
  • Apache » Tomcat » Version: 8.5.10
    cpe:2.3:a:apache:tomcat:8.5.10
  • Apache » Tomcat » Version: 8.5.11
    cpe:2.3:a:apache:tomcat:8.5.11
  • Apache » Tomcat » Version: 8.5.12
    cpe:2.3:a:apache:tomcat:8.5.12
  • Apache » Tomcat » Version: 8.5.13
    cpe:2.3:a:apache:tomcat:8.5.13
  • Apache » Tomcat » Version: 8.5.14
    cpe:2.3:a:apache:tomcat:8.5.14
  • Apache » Tomcat » Version: 8.5.15
    cpe:2.3:a:apache:tomcat:8.5.15
  • Apache » Tomcat » Version: 8.5.16
    cpe:2.3:a:apache:tomcat:8.5.16
  • Apache » Tomcat » Version: 8.5.17
    cpe:2.3:a:apache:tomcat:8.5.17
  • Apache » Tomcat » Version: 8.5.18
    cpe:2.3:a:apache:tomcat:8.5.18
  • Apache » Tomcat » Version: 8.5.19
    cpe:2.3:a:apache:tomcat:8.5.19
  • Apache » Tomcat » Version: 8.5.2
    cpe:2.3:a:apache:tomcat:8.5.2
  • Apache » Tomcat » Version: 8.5.20
    cpe:2.3:a:apache:tomcat:8.5.20
  • Apache » Tomcat » Version: 8.5.21
    cpe:2.3:a:apache:tomcat:8.5.21
  • Apache » Tomcat » Version: 8.5.22
    cpe:2.3:a:apache:tomcat:8.5.22
  • Apache » Tomcat » Version: 8.5.23
    cpe:2.3:a:apache:tomcat:8.5.23
  • Apache » Tomcat » Version: 8.5.24
    cpe:2.3:a:apache:tomcat:8.5.24
  • Apache » Tomcat » Version: 8.5.25
    cpe:2.3:a:apache:tomcat:8.5.25
  • Apache » Tomcat » Version: 8.5.26
    cpe:2.3:a:apache:tomcat:8.5.26
  • Apache » Tomcat » Version: 8.5.27
    cpe:2.3:a:apache:tomcat:8.5.27
  • Apache » Tomcat » Version: 8.5.28
    cpe:2.3:a:apache:tomcat:8.5.28
  • Apache » Tomcat » Version: 8.5.29
    cpe:2.3:a:apache:tomcat:8.5.29
  • Apache » Tomcat » Version: 8.5.3
    cpe:2.3:a:apache:tomcat:8.5.3
  • Apache » Tomcat » Version: 8.5.30
    cpe:2.3:a:apache:tomcat:8.5.30
  • Apache » Tomcat » Version: 8.5.31
    cpe:2.3:a:apache:tomcat:8.5.31
  • Apache » Tomcat » Version: 8.5.32
    cpe:2.3:a:apache:tomcat:8.5.32
  • Apache » Tomcat » Version: 8.5.33
    cpe:2.3:a:apache:tomcat:8.5.33
  • Apache » Tomcat » Version: 8.5.34
    cpe:2.3:a:apache:tomcat:8.5.34
  • Apache » Tomcat » Version: 8.5.35
    cpe:2.3:a:apache:tomcat:8.5.35
  • Apache » Tomcat » Version: 8.5.36
    cpe:2.3:a:apache:tomcat:8.5.36
  • Apache » Tomcat » Version: 8.5.37
    cpe:2.3:a:apache:tomcat:8.5.37
  • Apache » Tomcat » Version: 8.5.38
    cpe:2.3:a:apache:tomcat:8.5.38
  • Apache » Tomcat » Version: 8.5.39
    cpe:2.3:a:apache:tomcat:8.5.39
  • Apache » Tomcat » Version: 8.5.4
    cpe:2.3:a:apache:tomcat:8.5.4
  • Apache » Tomcat » Version: 8.5.40
    cpe:2.3:a:apache:tomcat:8.5.40
  • Apache » Tomcat » Version: 8.5.5
    cpe:2.3:a:apache:tomcat:8.5.5
  • Apache » Tomcat » Version: 8.5.6
    cpe:2.3:a:apache:tomcat:8.5.6
  • Apache » Tomcat » Version: 8.5.7
    cpe:2.3:a:apache:tomcat:8.5.7
  • Apache » Tomcat » Version: 8.5.8
    cpe:2.3:a:apache:tomcat:8.5.8
  • Apache » Tomcat » Version: 8.5.9
    cpe:2.3:a:apache:tomcat:8.5.9
  • Apache » Tomcat » Version: 9.0.0
    cpe:2.3:a:apache:tomcat:9.0.0
  • Apache » Tomcat » Version: 9.0.1
    cpe:2.3:a:apache:tomcat:9.0.1
  • Apache » Tomcat » Version: 9.0.10
    cpe:2.3:a:apache:tomcat:9.0.10
  • Apache » Tomcat » Version: 9.0.11
    cpe:2.3:a:apache:tomcat:9.0.11
  • Apache » Tomcat » Version: 9.0.12
    cpe:2.3:a:apache:tomcat:9.0.12
  • Apache » Tomcat » Version: 9.0.13
    cpe:2.3:a:apache:tomcat:9.0.13
  • Apache » Tomcat » Version: 9.0.14
    cpe:2.3:a:apache:tomcat:9.0.14
  • Apache » Tomcat » Version: 9.0.15
    cpe:2.3:a:apache:tomcat:9.0.15
  • Apache » Tomcat » Version: 9.0.16
    cpe:2.3:a:apache:tomcat:9.0.16
  • Apache » Tomcat » Version: 9.0.17
    cpe:2.3:a:apache:tomcat:9.0.17
  • Apache » Tomcat » Version: 9.0.18
    cpe:2.3:a:apache:tomcat:9.0.18
  • Apache » Tomcat » Version: 9.0.19
    cpe:2.3:a:apache:tomcat:9.0.19
  • Apache » Tomcat » Version: 9.0.2
    cpe:2.3:a:apache:tomcat:9.0.2
  • Apache » Tomcat » Version: 9.0.3
    cpe:2.3:a:apache:tomcat:9.0.3
  • Apache » Tomcat » Version: 9.0.4
    cpe:2.3:a:apache:tomcat:9.0.4
  • Apache » Tomcat » Version: 9.0.5
    cpe:2.3:a:apache:tomcat:9.0.5
  • Apache » Tomcat » Version: 9.0.6
    cpe:2.3:a:apache:tomcat:9.0.6
  • Apache » Tomcat » Version: 9.0.7
    cpe:2.3:a:apache:tomcat:9.0.7
  • Apache » Tomcat » Version: 9.0.8
    cpe:2.3:a:apache:tomcat:9.0.8
  • Apache » Tomcat » Version: 9.0.9
    cpe:2.3:a:apache:tomcat:9.0.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved