Lucene search

K
cvelistApacheCVELIST:CVE-2020-13943
HistoryOct 12, 2020 - 1:46 p.m.

CVE-2020-13943

2020-10-1213:46:47
apache
www.cve.org

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.0%

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

CNA Affected

[
  {
    "product": "Apache Tomcat",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37, 8.5.0 to 8.5.57"
      }
    ]
  }
]