
policy/engine Apache Tomcat CVE-2020-13934 Denial of Service Vulnerability


    Details

    • Type: Task
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: Frankfurt Release
    • Labels:

      Description

      Short Summary: Apache Tomcat is prone to a denial-of-service vulnerability; fixes are available.

      Discussion: Apache Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. It is freely available under the Apache Software License for various operating systems. Apache Tomcat is prone to a denial-of-service vulnerability due to an 'OutOfMemoryException' error. Specifically, this issue occurs because the 'h2c' direct-connection fails to release the 'HTTP/1.1' processor after the upgrade to 'HTTP/2'. Attackers may leverage this issue to cause denial-of-service conditions.

      The following versions are affected:

      • Apache Tomcat 10.0.0-M1 through 10.0.0-M6
      • Apache Tomcat 9.0.0.M5 through 9.0.36
      • Apache Tomcat 8.5.1 through 8.5.56

      Solution: Updates are available. Please see the references or vendor advisory for more information.

      CVE Numbers:
      CVE-2020-13934


            People

            Assignee:
            uj426b Utkarsh Jauhari
            Reporter:
            jhh Jorge Hernandez