37 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-11996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usag...
SUSE CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
Apache Tomcat Denial of Service (CVE-2020-11996)
A denial of service vulnerability exists in Apache Tomcat. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted HTTP2 packet to a vulnerable server. Successful exploitation of this vulnerability could result in denial of service conditions...
SUSE: Security Advisory (SUSE-SU-2020:1962-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:1983-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
JFrog < 7.7.0 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.7.0. It is, therefore, affected by multiple vulnerabilities: - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did no...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.4 security release
Updated Red Hat JBoss Web Server 5.4.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.4 security release
Red Hat JBoss Web Server 5.4.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.4 security (Moderate) (RHSA-2020:5170)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5170 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apac...
Ubuntu 20.04 LTS : Tomcat vulnerabilities (USN-4596-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4596-1 advisory. It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting...
USN-4596-1: Tomcat vulnerabilities
It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. CVE-2020-11996 It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/...
Security Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities.
Summary App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-11996 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could...
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.57 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-9484, CVE-2020-11996, CVE-2020-13934, and CVE-2020-13935 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-13934...
openSUSE Security Update : tomcat (openSUSE-2020-1063)
This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive...
openSUSE Security Update : tomcat (openSUSE-2020-1051)
This update for tomcat fixes the following issues : Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive...
Security update for tomcat (important)
openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2020:1063-1 Rating: important References: 1173389 Cross-References: CVE-2020-11996 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for tomcat...
openSUSE: Security Advisory for tomcat (openSUSE-SU-2020:1051-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1051-1 Security update for tomcat
This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive...
SUSE-SU-2020:1983-1 Security update for tomcat
This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive...
Photon OS 3.0: Apache PHSA-2020-3.0-0114
An update of the apache package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0114. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid138812;...