Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-11996  

A denial of service has been found in Apache Tomcat before 9.0.36 and 8.5.56, where a specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Source
Severity Medium

Remote Yes

Type Denial of service

Description 

A denial of service has been found in Apache Tomcat before 9.0.36 and 8.5.56, where a specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

AVG-1196 tomcat9 9.0.35-1 Medium Vulnerable

AVG-1197 tomcat8 8.5.55-1 8.5.56-1 Medium Fixed 

https://www.openwall.com/lists/oss-security/2020/06/25/6
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36
https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56
https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started