Related Vulnerabilities: CVE-2020-13935  

An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Severity: High

Remote: Yes

Type: Denial of service


AVG-1205 tomcat9 9.0.35-1 High Vulnerable

AVG-1204 tomcat8 8.5.56-1 High Vulnerable

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57
https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5
https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399