https://bugzilla.redhat.com/show_bug.cgi?id=1693325
--- Doc Text *updated* by Paramvir jindal pjindal@redhat.com --- A flaw was found in Apache Tomcat where HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open which enables them to cause server-side threads to block and eventually leading to a DoS attack.