
34 matches found

RedHat Linux
added 2020/08/04 11:31 a.m. | 90 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3.2 security update

Updated Red Hat JBoss Web Server 5.3.2 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

CVSS 7.5 | AI score 6.7 | EPSS 0.87553
Exploits: 1 | References: 3

Tenable Nessus
added 2020/07/30 12:0 a.m. | 67 views

EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1829)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56...

CVSS 7.5 | AI score 7.3 | EPSS 0.87553
Exploits: 16 | References: 5

Tenable Nessus
added 2020/07/30 12:0 a.m. | 49 views

Amazon Linux AMI : tomcat8 (ALAS-2020-1409)

The version of tomcat8 installed on the remote host is prior to 8.5.57-1.85. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1409 advisory. The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 t...

CVSS 7.5 | AI score 7 | EPSS 0.87553
Exploits: 1 | References: 5

Tenable Nessus
added 2020/07/27 12:0 a.m. | 54 views

FreeBSD : Apache Tomcat -- Multiple Vulnerabilities (6a72eff7-ccd6-11ea-9172-4c72b94353b5)

The Apache Software Foundation reports : An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. The payload length in a WebSocket frame was...

CVSS 7.5 | AI score 6.8 | EPSS 0.87553
Exploits: 1 | References: 8

Tenable Nessus
added 2020/07/17 12:0 a.m. | 808 views

Apache Tomcat 8.5.0 < 8.5.57 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.57. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.57security-8 advisory. - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to...

CVSS 7.5 | AI score 7 | EPSS 0.87553
Exploits: 1 | References: 5

Tenable Nessus
added 2020/07/17 12:0 a.m. | 226 views

Apache Tomcat 9.0.0.M1 < 9.0.37 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.37security-9 advisory. - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to...

CVSS 7.5 | AI score 7 | EPSS 0.87553
Exploits: 1 | References: 5

Veracode
added 2020/07/15 7:48 a.m. | 33 views

Denial Of Service (DoS)

Apache Tomcat is vulnerable to denial of service. The HTTP/1.1 processor is not released after an upgrade to HTTP/2, allowing an attacker to cause a denial of service condition due to an OutOfMemoryException by sending a large number of upgrade requests...

CVSS 7.5 | AI score 3.6 | EPSS 0.64124
Exploits: 0 | References: 17 | Affected Software: 4

RedhatCVE
added 2020/07/15 6:8 a.m. | 24 views

CVE-2020-13934

A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability i...

CVSS 5 | AI score 7.2 | EPSS 0.64124
Exploits: 0 | References: 8

OSV
added 2020/07/14 3:15 p.m. | 31 views

CVE-2020-13934

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 13

UbuntuCve
added 2020/07/14 3:15 p.m. | 167 views

CVE-2020-13934

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.64124
Exploits: 0 | References: 4

Prion
added 2020/07/14 3:15 p.m. | 28 views

Design/Logic Flaw

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...

CVSS 5 | AI score 7.2 | EPSS 0.64124
Exploits: 0 | References: 13 | Affected Software: 14

Debian CVE
added 2020/07/14 2:59 p.m. | 33 views

CVE-2020-13934

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...

CVSS 7.5 | AI score 8.7 | EPSS 0.64124
Exploits: 0

CVE
added 2020/07/14 2:59 p.m. | 626 views

CVE-2020-13934

CVE-2020-13934 affects multiple Apache Tomcat releases (8.5.1–8.5.56, 9.0.x, 10.0.x up to M6) where an h2c direct connection didn’t release the HTTP/1.1 processor after upgrading to HTTP/2, potentially causing OutOfMemoryError and denial of service. Public advisories across vendors and distributi...

CVSS 7.5 | AI score 7.3 | EPSS 0.64124
Exploits: 0 | References: 13 | Affected Software: 1

Cvelist
added 2020/07/14 2:59 p.m. | 35 views

CVE-2020-13934

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...

AI score 7.4 | EPSS 0.64124
Exploits: 0 | References: 13