Description
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 do not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.