What is CVE-2019-10072?

CVE-2019-10072 is a vulnerability in Apache Tomcat. Published 2019-06-21.

Is CVE-2019-10072 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Tomcat

CVE-2019-10072

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (s…

EPSS: 0.713 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a Apache Tomcat — versions Apache Tomcat 9.0.0.M1 to 9.0.19, 8.5.0 to 8.5.40

Public proof-of-concept exploits

References

108874 (vdb-entry, x_refsource_BID)
USN-4128-1 (vendor-advisory, x_refsource_UBUNTU)
USN-4128-2 (vendor-advisory, x_refsource_UBUNTU)
RHSA-2019:3929 (vendor-advisory, x_refsource_REDHAT)
RHSA-2019:3931 (vendor-advisory, x_refsource_REDHAT)
openSUSE-SU-2020:0038 (vendor-advisory, x_refsource_SUSE)
[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/ (mailing-list, x_refsource_MLIST)
[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/ (mailing-list, x_refsource_MLIST)
[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/ (mailing-list, x_refsource_MLIST)
[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/ (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2019-10072?: CVE-2019-10072 is a vulnerability in Apache Tomcat. Published 2019-06-21.
Is CVE-2019-10072 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.