Lucene search

K
tomcatApache TomcatTOMCAT:C3F367059A3E9B8636ED41FF901D93F9
HistoryJul 05, 2020 - 12:00 a.m.

Fixed in Apache Tomcat 9.0.37

2020-07-0500:00:00
Apache Tomcat
tomcat.apache.org
51
apache tomcat
vulnerability
websocket
http/2
denial of service

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.912

Percentile

98.9%

Important: WebSocket DoS CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

This was fixed with commit 40fa74c7.

This issue was reported publicly via the Apache Bugzilla instance on 28 June 2020 and included references to high CPU but no specific reference to denial of service. The associated DoS risks were identified by the Apache Tomcat Security Team the same day. The issue was made public on 14 July 2020.

Affects: 9.0.0.M1 to 9.0.36

Moderate: HTTP/2 DoS CVE-2020-13934

An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

This was fixed with commit 172977f0.

This issue was reported publicly via the Apache Tomcat Users mailing list on 22 June 2020 without reference to the potential for DoS. After further discussion to identify the steps necessary to reproduce the issue, the root cause of the issue and the associated DoS risks were identified by the Apache Tomcat Security Team on 26 June 2020. The issue was made public on 14 July 2020.

Affects: 9.0.0.M5 to 9.0.36

Affected configurations

Vulners
Node
apachetomcatRange9.0.0.M1
OR
apachetomcatRange9.0.0.M5
OR
apachetomcatRange9.0.36
VendorProductVersionCPE
apachetomcat*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.912

Percentile

98.9%