SynopsisApache Tomcat 10.0.0-M1 < 10.0.0-M7 Denial of Service
DescriptionThe version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 or 7.0.0 to 7.0.104. It is, therefore, affected by two denial of service vulnerabilities via WebSocket frame and HTTP/2 requests.
Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Apache Tomcat version 10.0.0-M7 or later.