Description
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
Remediation
References
Related Vulnerabilities
WordPress Plugin Nextend Twitter Connect Cross-Site Scripting (1.5.0)
Contao Improper Privilege Management Vulnerability (CVE-2021-37627)
WordPress Plugin MailPoet-emails and newsletters in WordPress Cross-Site Scripting (3.23.1)
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.9)