CVE-2020-13934

Published: 14/07/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue has been found in Apache Tomcat prior to 8.5.57 and prior to 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Vulnerable Product

apache tomcat 9.0.0

apache tomcat 10.0.0

apache tomcat

debian debian linux 9.0

debian debian linux 10.0

netapp oncommand system manager

opensuse leap 15.1

opensuse leap 15.2

canonical ubuntu linux 20.04

oracle managed file transfer 12.2.1.3.0

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

oracle agile plm 9.3.3

oracle agile plm 9.3.5

oracle agile plm 9.3.6

oracle workload manager 18c

oracle workload manager 19c

oracle workload manager 12.2.0.1

oracle agile engineering data management 6.2.1.0

oracle siebel ui framework

oracle mysql enterprise monitor

oracle managed file transfer 12.2.1.4.0

oracle fmw platform 12.2.1.4.0

oracle fmw platform 12.2.1.3.0

oracle communications instant messaging server 10.0.1.5.0

Vendor Advisories

Synopsis: Important: Red Hat JBoss Web Server 5.3.2 security update. Type/Severity: Security Advisory: Important. Topic: Updated Red Hat JBoss Web Server 5.3.2 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security ha ...
Synopsis: Important: Red Hat JBoss Web Server 5.3.2 security update. Type/Severity: Security Advisory: Important. Topic: Updated Red Hat JBoss Web Server 5.3.2 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated ...
Synopsis: Important: Red Hat support for Spring Boot 226SP2 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u2. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to it ...
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. (CVE-2020-13935) An h2c direct connection to ...
An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services. CVE-2019-20330, CVE-2020-7676, CVE-2020-8840, CVE-2020-11022, CVE-2020-11023, CVE-2020-11619, CVE-2020-13444, CVE-2020-13445, CVE-2020-13934, CVE-2020-13935. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...