CVE-2020-13943

Published: 12/10/2020 Updated: 06/11/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Apache Tomcat could allow a remote malicious user to obtain sensitive information, caused by a flaw in how it handles an HTTP/2 client that exceeds the agreed maximum number of concurrent streams for a connection. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to see the responses for unexpected resources, and use this information to launch further attacks against the affected system.

Vulnerable Product

apache tomcat 8.5.0

apache tomcat 8.5.1

apache tomcat 8.5.2

apache tomcat 8.5.3

apache tomcat 8.5.4

apache tomcat 8.5.5

apache tomcat 8.5.6

apache tomcat 8.5.7

apache tomcat 8.5.8

apache tomcat 8.5.9

apache tomcat 8.5.10

apache tomcat 8.5.11

apache tomcat 8.5.12

apache tomcat 8.5.13

apache tomcat 8.5.14

apache tomcat 8.5.15

apache tomcat 8.5.16

apache tomcat 8.5.17

apache tomcat 8.5.18

apache tomcat 8.5.19

apache tomcat 8.5.20

apache tomcat 8.5.21

apache tomcat 8.5.22

apache tomcat 8.5.23

apache tomcat 8.5.24

apache tomcat 8.5.25

apache tomcat 8.5.26

apache tomcat 8.5.27

apache tomcat 8.5.28

apache tomcat 8.5.29

apache tomcat 8.5.30

apache tomcat 8.5.31

apache tomcat 8.5.32

apache tomcat 8.5.33

apache tomcat 8.5.34

apache tomcat 8.5.35

apache tomcat 8.5.36

apache tomcat 8.5.37

apache tomcat 8.5.38

apache tomcat 8.5.39

apache tomcat 8.5.40

apache tomcat 8.5.41

apache tomcat 8.5.42

apache tomcat 8.5.43

apache tomcat 8.5.44

apache tomcat 8.5.45

apache tomcat 8.5.46

apache tomcat 8.5.47

apache tomcat 8.5.48

apache tomcat 8.5.49

apache tomcat 8.5.50

apache tomcat 8.5.51

apache tomcat 8.5.52

apache tomcat 8.5.53

apache tomcat 8.5.54

apache tomcat 8.5.55

apache tomcat 8.5.56

apache tomcat 8.5.57

apache tomcat 9.0.0

apache tomcat 9.0.1

apache tomcat 9.0.2

apache tomcat 9.0.3

apache tomcat 9.0.4

apache tomcat 9.0.5

apache tomcat 9.0.6

apache tomcat 9.0.7

apache tomcat 9.0.8

apache tomcat 9.0.9

apache tomcat 9.0.10

apache tomcat 9.0.11

apache tomcat 9.0.12

apache tomcat 9.0.13

apache tomcat 9.0.14

apache tomcat 9.0.15

apache tomcat 9.0.16

apache tomcat 9.0.17

apache tomcat 9.0.18

apache tomcat 9.0.19

apache tomcat 9.0.20

apache tomcat 9.0.21

apache tomcat 9.0.22

apache tomcat 9.0.23

apache tomcat 9.0.24

apache tomcat 9.0.25

apache tomcat 9.0.26

apache tomcat 9.0.27

apache tomcat 9.0.28

apache tomcat 9.0.29

apache tomcat 9.0.30

apache tomcat 9.0.31

apache tomcat 9.0.32

apache tomcat 9.0.33

apache tomcat 9.0.34

apache tomcat 9.0.35

apache tomcat 9.0.36

apache tomcat 9.0.37

apache tomcat 10.0.0

debian debian linux 9.0

Mailing Lists

CVE-2020-13943 Apache Tomcat HTTP/2 Request mix-up

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M7
Apache Tomcat 9.0.0.M5 to 9.0.37
Apache Tomcat 8.5.1 to 8.5.57

Description: If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violati ...