Package | tomcat8 |
---|---|
Version | 8.5.54-0+deb9u13 (stretch) |
A regression was discovered in the Http2UpgradeHandler class of Tomcat 8, introduced by the patch that fixed CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP/2 connections to close early.
For Debian 9 stretch, this problem has been fixed in version 8.5.54-0+deb9u13.
We recommend that you upgrade your tomcat8 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.