CVE-2020-13943

Published: 12/10/2020 Updated: 31/01/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

It was discovered that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079)

Vulnerable Product

apache tomcat 8.5.2

apache tomcat 8.5.9

apache tomcat 8.5.4

apache tomcat 8.5.0

apache tomcat 8.5.15

apache tomcat 8.5.10

apache tomcat 8.5.13

apache tomcat 8.5.14

apache tomcat 8.5.5

apache tomcat 8.5.3

apache tomcat 8.5.6

apache tomcat 8.5.7

apache tomcat 8.5.8

apache tomcat 8.5.12

apache tomcat 8.5.11

apache tomcat 8.5.1

apache tomcat 8.5.16

apache tomcat 8.5.17

apache tomcat 8.5.18

apache tomcat 8.5.19

apache tomcat 8.5.20

apache tomcat 8.5.21

apache tomcat 8.5.22

apache tomcat 9.0.1

apache tomcat 9.0.2

apache tomcat 9.0.3

apache tomcat 9.0.4

apache tomcat 9.0.0

apache tomcat 10.0.0

apache tomcat 9.0.5

apache tomcat 9.0.6

apache tomcat 9.0.7

apache tomcat 9.0.8

apache tomcat 9.0.9

apache tomcat 9.0.10

apache tomcat 9.0.11

apache tomcat 9.0.12

apache tomcat 9.0.13

apache tomcat 9.0.14

apache tomcat 9.0.15

apache tomcat 9.0.16

apache tomcat 9.0.17

apache tomcat 9.0.18

apache tomcat 9.0.19

apache tomcat 9.0.20

apache tomcat 9.0.21

apache tomcat 9.0.22

apache tomcat 9.0.23

apache tomcat 9.0.24

apache tomcat 9.0.25

apache tomcat 9.0.26

apache tomcat 9.0.27

apache tomcat 9.0.28

apache tomcat 9.0.29

apache tomcat 9.0.30

apache tomcat 9.0.31

apache tomcat 9.0.32

apache tomcat 9.0.33

apache tomcat 9.0.34

apache tomcat 9.0.35

apache tomcat 9.0.36

apache tomcat 9.0.37

apache tomcat 8.5.23

apache tomcat 8.5.24

apache tomcat 8.5.25

apache tomcat 8.5.26

apache tomcat 8.5.27

apache tomcat 8.5.28

apache tomcat 8.5.29

apache tomcat 8.5.30

apache tomcat 8.5.31

apache tomcat 8.5.32

apache tomcat 8.5.33

apache tomcat 8.5.34

apache tomcat 8.5.35

apache tomcat 8.5.36

apache tomcat 8.5.37

apache tomcat 8.5.38

apache tomcat 8.5.39

apache tomcat 8.5.40

apache tomcat 8.5.41

apache tomcat 8.5.42

apache tomcat 8.5.43

apache tomcat 8.5.44

apache tomcat 8.5.45

apache tomcat 8.5.46

apache tomcat 8.5.47

apache tomcat 8.5.48

apache tomcat 8.5.49

apache tomcat 8.5.50

apache tomcat 8.5.51

apache tomcat 8.5.52

apache tomcat 8.5.53

apache tomcat 8.5.54

apache tomcat 8.5.55

apache tomcat 8.5.56

apache tomcat 8.5.57

debian debian linux 9.0

debian debian linux 10.0

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

oracle sd-wan edge 9.0

Vendor Advisories

Synopsis: Moderate: Red Hat JBoss Web Server 5.4.1 Security Update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Web Server 5.4.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a sec ...

Synopsis: Moderate: Red Hat JBoss Web Server 5.4.1 Security Update. Type/Severity: Security Advisory: Moderate. Topic: Updated Red Hat JBoss Web Server 5.4.1 packages are now available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a secur ...

Several security issues were fixed in Tomcat ...

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u3. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracke ...

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers ...

Mailing Lists

CVE-2020-13943 Apache Tomcat HTTP/2 Request mix-up
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M7
Apache Tomcat 9.0.0.M5 to 9.0.37
Apache Tomcat 8.5.1 to 8.5.57
Description: If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violati ...