A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability.

Mitigation

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.

References

mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E

tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7

tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105

tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57

tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37

bugzilla.redhat.com/show_bug.cgi?id=1857024

nvd.nist.gov/vuln/detail/CVE-2020-13935

www.cve.org/CVERecord?id=CVE-2020-13935

nessus 40

ibm 13

kaspersky 2

veracode 2

cvelist 2

f5 1

osv 2

tomcat 4

openvas 18

redhat 14

prion 2

githubexploit 1

debiancve 1

ubuntucve 1

github 1

cve 1

photon 5

cisa 1

centos 1

redhatcve 1

amazon 2

atlassian 4

ubuntu 2

mageia 1

oraclelinux 1

freebsd 1

debian 1

symantec 1

oracle 6

nessus

EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2020-2401)

2020-11-03 00:00:00

Apache Tomcat 7.0.27 < 7.0.105

2020-07-23 00:00:00

EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-2274)

2020-10-30 00:00:00

ibm

Security Bulletin: IBM UrbanCode Release is affected by CVE-2020-13935

2022-01-25 07:37:12

Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.

2020-10-27 13:41:12

Security Bulletin: CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated

2020-11-05 19:55:39

kaspersky

KLA12084 DoS vulnerability in Apache Tomcat

2020-07-07 00:00:00

KLA12083 DoS vulnerabilities in Apache Tomcat

2020-07-05 00:00:00

veracode

Denial Of Service (DoS)

2020-07-15 08:18:40

Denial-of-Service (DoS)

2020-09-15 01:53:24

cvelist

CVE-2020-13935

2020-07-14 15:00:21

CVE-2020-14384

2020-09-09 13:17:28

K45026834 : Apache Tomcat vulnerability CVE-2020-13935

2020-08-27 00:00:00

osv

BIT-tomcat-2020-13935

2024-03-06 11:11:44

Infinite Loop in Apache Tomcat

2022-02-08 22:05:17

tomcat

Fixed in Apache Tomcat 7.0.105

2020-07-07 00:00:00

Fixed in Apache Tomcat 10.0.0-M7

2020-07-05 00:00:00

Fixed in Apache Tomcat 8.5.57

2020-07-05 00:00:00

openvas

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-2274)

2020-10-30 00:00:00

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-2401)

2020-11-04 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:2046-1)

2021-06-09 00:00:00

redhat

(RHSA-2020:3382) Important: Red Hat JBoss Enterprise Application Platform 6.4 security update

2020-08-10 11:16:43

(RHSA-2020:3383) Important: Red Hat JBoss Enterprise Application Platform 6.4 security update

2020-08-10 11:16:49

(RHSA-2020:3308) Important: Red Hat JBoss Web Server 5.3.2 security update

2020-08-04 11:35:57

prion

Denial of service

2020-07-14 15:15:00

Design/Logic Flaw

2020-09-09 14:15:00

githubexploit

Exploit for Infinite Loop in Apache Tomcat

2020-11-02 14:48:55

debiancve

CVE-2020-13935

2020-07-14 15:15:11

ubuntucve

CVE-2020-13935

2020-07-14 00:00:00

github

Infinite Loop in Apache Tomcat

2022-02-08 22:05:17

cve

CVE-2020-13935

2020-07-14 15:15:11

photon

Important Photon OS Security Update - PHSA-2020-0116

2020-07-20 00:00:00

Important Photon OS Security Update - PHSA-2020-3.0-0116

2020-07-20 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0309

2020-07-25 00:00:00

cisa

Apache Releases Security Advisories for Apache Tomcat

2020-07-14 00:00:00

centos

tomcat security update

2020-10-20 19:04:26

redhatcve

CVE-2020-14384

2020-09-03 22:19:33

amazon

Important: tomcat8

2020-07-27 23:58:00

Important: tomcat

2023-05-11 17:49:00

atlassian

Upgrade Tomcat to version 9.0.37

2020-06-29 13:40:00

Upgrade Tomcat to version 9.0.37

2020-06-29 13:40:00

Upgrade the bundled version of Apache Tomcat to 8.5.57

2020-07-17 15:19:11

ubuntu

Tomcat vulnerabilities

2020-08-04 00:00:00

Tomcat vulnerabilities

2020-10-21 00:00:00

mageia

Updated tomcat packages fix security vulnerability

2020-08-18 21:47:25

oraclelinux

tomcat security and bug fix update

2020-10-06 00:00:00

freebsd

Apache Tomcat -- Multiple Vulnerabilities

2020-07-05 00:00:00

debian

[SECURITY] [DSA 4627-1] tomcat9 security update

2020-07-17 18:07:40

symantec

Apache Tomcat Vulnerabilities May 2020 - Mar 2021

2021-03-16 19:59:07

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.153 Low

EPSS

Percentile

95.8%

JSON

Related for RH:CVE-2020-13935