Lucene search

K
cvelistApacheCVELIST:CVE-2020-13934
HistoryJul 14, 2020 - 2:59 p.m.

CVE-2020-13934

2020-07-1414:59:11
apache
www.cve.org
12
apache tomcat
direct connection
vulnerability
outofmemoryexception
denial of service

AI Score

7.4

Confidence

High

EPSS

0.912

Percentile

98.9%

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

CNA Affected

[
  {
    "product": "Apache Tomcat",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36, 8.5.1 to 8.5.56"
      }
    ]
  }
]