Back to search
CVE-2020-13935
Published: Jul 14, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
| Vendor | Product | Versions |
|---|---|---|
n/a | Apache Tomcat | affected Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, 7.0.27 to 7.0.104 |
References
DSA-4727
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20200722 [SECURITY] [DLA 2286-1] tomcat8 security update
mailing-list
x_refsource_MLIST
openSUSE-SU-2020:1102
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:1111
vendor-advisory
x_refsource_SUSE
USN-4448-1
vendor-advisory
x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200724-0003/
x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10332
x_refsource_CONFIRM
USN-4596-1
vendor-advisory
x_refsource_UBUNTU
[tomcat-users] 20201118 Re: Strange crash-on-takeoff, Tomcat 7.0.104
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now