The Apache Software Foundation has released new versions of Apache Tomcat 8.5 and 9 to address a vulnerability in Apache Tomcat. A remote attacker may send a specially crafted sequence of HTTP/2 requests to exploit the vulnerability.
Successful exploitation of the vulnerability could lead to denial of service on an affected system.
The Apache Software Foundation has released new versions of the products to address the issue, and they can be downloaded at the following URLs:
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36
https://www.hkcert.org/my_url/en/alert/20062901
https://www.us-cert.gov/ncas/current-activity/2020/06/26/apache-releases-security-advisory-apache-tomcat
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996