Medium
Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could exploit this vulnerability to trigger high CPU usage for several seconds.
Denial of service
Apache Tomcat
Upgrade to the latest version of Tomcat (10.0.0-M6, 9.0.36, 8.5.56 or later).