The host is installed with Apache Tomcat 8.5.x to 8.5.6 or 9.x to 9.0.0.M11 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle an infinite loop if a header was received that was larger than the available buffer. Successful exploitation allows attackers to perform denial of service attack.