Lucene search

[email protected]NVD:CVE-2020-13943

HistoryOct 12, 2020 - 2:15 p.m.

CVE-2020-13943

2020-10-1214:15:12

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

42.0%

JSON

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

Affected configurations

NVD

Node

apachetomcatMatch8.5.0

apachetomcatMatch8.5.1

apachetomcatMatch8.5.2

apachetomcatMatch8.5.3

apachetomcatMatch8.5.4

apachetomcatMatch8.5.5

apachetomcatMatch8.5.6

apachetomcatMatch8.5.7

apachetomcatMatch8.5.8

apachetomcatMatch8.5.9

apachetomcatMatch8.5.10

apachetomcatMatch8.5.11

apachetomcatMatch8.5.12

apachetomcatMatch8.5.13

apachetomcatMatch8.5.14

apachetomcatMatch8.5.15

apachetomcatMatch8.5.16

apachetomcatMatch8.5.17

apachetomcatMatch8.5.18

apachetomcatMatch8.5.19

apachetomcatMatch8.5.20

apachetomcatMatch8.5.21

apachetomcatMatch8.5.22

apachetomcatMatch8.5.23

apachetomcatMatch8.5.24

apachetomcatMatch8.5.25

apachetomcatMatch8.5.26

apachetomcatMatch8.5.27

apachetomcatMatch8.5.28

apachetomcatMatch8.5.29

apachetomcatMatch8.5.30

apachetomcatMatch8.5.31

apachetomcatMatch8.5.32

apachetomcatMatch8.5.33

apachetomcatMatch8.5.34

apachetomcatMatch8.5.35

apachetomcatMatch8.5.36

apachetomcatMatch8.5.37

apachetomcatMatch8.5.38

apachetomcatMatch8.5.39

apachetomcatMatch8.5.40

apachetomcatMatch8.5.41

apachetomcatMatch8.5.42

apachetomcatMatch8.5.43

apachetomcatMatch8.5.44

apachetomcatMatch8.5.45

apachetomcatMatch8.5.46

apachetomcatMatch8.5.47

apachetomcatMatch8.5.48

apachetomcatMatch8.5.49

apachetomcatMatch8.5.50

apachetomcatMatch8.5.51

apachetomcatMatch8.5.52

apachetomcatMatch8.5.53

apachetomcatMatch8.5.54

apachetomcatMatch8.5.55

apachetomcatMatch8.5.56

apachetomcatMatch8.5.57

apachetomcatMatch9.0.0milestone10

apachetomcatMatch9.0.0milestone11

apachetomcatMatch9.0.0milestone12

apachetomcatMatch9.0.0milestone13

apachetomcatMatch9.0.0milestone14

apachetomcatMatch9.0.0milestone15

apachetomcatMatch9.0.0milestone16

apachetomcatMatch9.0.0milestone17

apachetomcatMatch9.0.0milestone18

apachetomcatMatch9.0.0milestone19

apachetomcatMatch9.0.0milestone20

apachetomcatMatch9.0.0milestone21

apachetomcatMatch9.0.0milestone22

apachetomcatMatch9.0.0milestone23

apachetomcatMatch9.0.0milestone24

apachetomcatMatch9.0.0milestone25

apachetomcatMatch9.0.0milestone26

apachetomcatMatch9.0.0milestone27

apachetomcatMatch9.0.0milestone5

apachetomcatMatch9.0.0milestone6

apachetomcatMatch9.0.0milestone7

apachetomcatMatch9.0.0milestone8

apachetomcatMatch9.0.0milestone9

apachetomcatMatch9.0.1

apachetomcatMatch9.0.2

apachetomcatMatch9.0.3

apachetomcatMatch9.0.4

apachetomcatMatch9.0.5

apachetomcatMatch9.0.6

apachetomcatMatch9.0.7

apachetomcatMatch9.0.8

apachetomcatMatch9.0.9

apachetomcatMatch9.0.10

apachetomcatMatch9.0.11

apachetomcatMatch9.0.12

apachetomcatMatch9.0.13

apachetomcatMatch9.0.14

apachetomcatMatch9.0.15

apachetomcatMatch9.0.16

apachetomcatMatch9.0.17

apachetomcatMatch9.0.18

apachetomcatMatch9.0.19

apachetomcatMatch9.0.20

apachetomcatMatch9.0.21

apachetomcatMatch9.0.22

apachetomcatMatch9.0.23

apachetomcatMatch9.0.24

apachetomcatMatch9.0.25

apachetomcatMatch9.0.26

apachetomcatMatch9.0.27

apachetomcatMatch9.0.28

apachetomcatMatch9.0.29

apachetomcatMatch9.0.30

apachetomcatMatch9.0.31

apachetomcatMatch9.0.32

apachetomcatMatch9.0.33

apachetomcatMatch9.0.34

apachetomcatMatch9.0.35

apachetomcatMatch9.0.36

apachetomcatMatch9.0.37

apachetomcatMatch10.0.0milestone1

apachetomcatMatch10.0.0milestone2

apachetomcatMatch10.0.0milestone3

apachetomcatMatch10.0.0milestone4

apachetomcatMatch10.0.0milestone5

apachetomcatMatch10.0.0milestone6

apachetomcatMatch10.0.0milestone7

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

oracleinstantis_enterprisetrackMatch17.1

oracleinstantis_enterprisetrackMatch17.2

oracleinstantis_enterprisetrackMatch17.3

oraclesd-wan_edgeMatch9.0

References

lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html

lists.opensuse.org/opensuse-security-announce/2020-11/msg00021.html

lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E

lists.debian.org/debian-lts-announce/2020/10/msg00019.html

security.netapp.com/advisory/ntap-20201016-0007/

www.debian.org/security/2021/dsa-4835

www.oracle.com/security-alerts/cpuApr2021.html

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

42.0%

JSON

Related for NVD:CVE-2020-13943

nessus22 ubuntucve1 osv6 prion1 openvas13 ibm6 cisa1 debiancve1 atlassian4 github1 tomcat3 mageia1 cve1 suse2 veracode2 debian2 redhatcve1 kaspersky1 f51 cvelist1 redhat4 photon5 ubuntu1 symantec1 oracle1