CVE-2020-13934

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 14-07-2020 05:15

Last modified: - 01-03-2022 10:01

Total changes: - 8

Description

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=apache AND product=Tomcat AND versionEndIncluding=8.5.56 AND versionStartIncluding=8.5.1

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone10

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone11

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone12

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone13

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone14

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone15

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone16

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone17

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone18

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone19

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone20

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone21

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone22

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone23

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone24

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone25

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone26

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone27

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone5

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone6

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone7

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone8

vendor=apache AND product=Tomcat AND version=9.0.0 AND update=milestone9

vendor=apache AND product=Tomcat AND versionEndIncluding=9.0.36 AND versionStartIncluding=9.0.1

vendor=apache AND product=Tomcat AND version=10.0.0 AND update=milestone1

vendor=apache AND product=Tomcat AND version=10.0.0 AND update=milestone2

vendor=apache AND product=Tomcat AND version=10.0.0 AND update=milestone3

vendor=apache AND product=Tomcat AND version=10.0.0 AND update=milestone4

vendor=apache AND product=Tomcat AND version=10.0.0 AND update=milestone5

vendor=apache AND product=Tomcat AND version=10.0.0 AND update=milestone6

vendor=Debian AND product=debian_linux AND version=9.0

vendor=Debian AND product=debian_linux AND version=10.0

vendor=netapp AND product=oncommand_system_manager AND versionEndIncluding=3.1.3 AND versionStartIncluding=3.0.0

vendor=opensuse AND product=leap AND version=15.1

vendor=opensuse AND product=leap AND version=15.2

vendor=canonical AND product=ubuntu_linux AND version=20.04 AND software_edition=lts

vendor=oracle AND product=agile_engineering_data_management AND version=6.2.1.0

vendor=oracle AND product=agile_plm AND version=9.3.3

vendor=oracle AND product=agile_plm AND version=9.3.5

vendor=oracle AND product=agile_plm AND version=9.3.6

vendor=oracle AND product=communications_instant_messaging_server AND version=10.0.1.5.0

vendor=oracle AND product=fmw_platform AND version=12.2.1.3.0

vendor=oracle AND product=fmw_platform AND version=12.2.1.4.0

vendor=oracle AND product=instantis_enterprisetrack AND version=17.1

vendor=oracle AND product=instantis_enterprisetrack AND version=17.2

vendor=oracle AND product=instantis_enterprisetrack AND version=17.3

vendor=oracle AND product=managed_file_transfer AND version=12.2.1.3.0

vendor=oracle AND product=managed_file_transfer AND version=12.2.1.4.0

vendor=oracle AND product=mysql_enterprise_monitor AND versionEndIncluding=8.0.21

vendor=oracle AND product=siebel_ui_framework AND versionEndIncluding=20.12

vendor=oracle AND product=workload_manager AND version=12.2.0.1

vendor=oracle AND product=workload_manager AND version=18c

vendor=oracle AND product=workload_manager AND version=19c

Reference

https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E
DSA-4727-Third Party Advisory
[debian-lts-announce] 20200722 [SECURITY] [DLA 2286-1] tomcat8 security update-Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20200724-0003/
openSUSE-SU-2020:1102-Mailing List, Third Party Advisory
openSUSE-SU-2020:1111-Mailing List, Third Party Advisory
[tomcat-dev] 20200818 [Bug 64671] HTTP/2 Stream.receivedData method throwing continuous NullPointerException in the logs-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
USN-4596-1-Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
N/A-Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Keywords

CVE-2020-13934

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-13934

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures