
CVE-2020-13935

Description

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.


Affected Software


CPE Name | Name | Version
apache:tomcat | apache tomcat | 9.0.0
apache:tomcat | apache tomcat | 10.0.0
apache:tomcat | apache tomcat | 7.0.104
apache:tomcat | apache tomcat | 8.5.56
apache:tomcat | apache tomcat | 9.0.36
debian:debian_linux | debian debian linux | 9.0
debian:debian_linux | debian debian linux | 10.0
netapp:oncommand_system_manager | netapp oncommand system manager | 3.1.3
opensuse:leap | opensuse leap | 15.1
opensuse:leap | opensuse leap | 15.2
canonical:ubuntu_linux | canonical ubuntu linux | 20.04
canonical:ubuntu_linux | canonical ubuntu linux | 16.04
mcafee:epolicy_orchestrator | mcafee epolicy orchestrator | 5.9.0
mcafee:epolicy_orchestrator | mcafee epolicy orchestrator | 5.9.1
mcafee:epolicy_orchestrator | mcafee epolicy orchestrator | 5.10.0
oracle:managed_file_transfer | oracle managed file transfer | 12.2.1.3.0
oracle:instantis_enterprisetrack | oracle instantis enterprisetrack | 17.1
oracle:instantis_enterprisetrack | oracle instantis enterprisetrack | 17.2
oracle:instantis_enterprisetrack | oracle instantis enterprisetrack | 17.3
oracle:agile_plm | oracle agile plm | 9.3.3
oracle:agile_plm | oracle agile plm | 9.3.5
oracle:agile_plm | oracle agile plm | 9.3.6
oracle:workload_manager | oracle workload manager | 18c
oracle:workload_manager | oracle workload manager | 19c
oracle:workload_manager | oracle workload manager | 12.2.0.1
oracle:agile_engineering_data_management | oracle agile engineering data management | 6.2.1.0
oracle:blockchain_platform | oracle blockchain platform | 21.1.2
oracle:commerce_guided_search | oracle commerce guided search | 11.3.2
oracle:communications_cloud_native_core_policy | oracle communications cloud native core policy | 1.14.0
oracle:communications_instant_messaging_server | oracle communications instant messaging server | 10.0.1.5.0
oracle:fmw_platform | oracle fmw platform | 12.2.1.3.0
oracle:fmw_platform | oracle fmw platform | 12.2.1.4.0
oracle:managed_file_transfer | oracle managed file transfer | 12.2.1.4.0
oracle:mysql_enterprise_monitor | oracle mysql enterprise monitor | 8.0.21
oracle:siebel_ui_framework | oracle siebel ui framework | 20.12

Related