5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)False Positive:
This strike exploits an infinite loop vulnerability in the WebSocket module of Apache Tomcat. The vulnerability is caused by improper validations of the extended payload length. A remote, unauthenticated attacker can send crafted WebSocket requests to the server resulting in each of the worker nodes entering an infinite loop; multiple such requests could lead to a denial of service. Note: The strike in one-arm mode uses a specific path /examples/websocket/echoAnnotation to perform the exploitation. This path points to the WebSocket examples included with Tomcat.