Published: 24/06/2020 Updated: 21/07/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

It exists that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079)

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache traffic server
debian debian linux 10.0

Debian Bug report logs - #963629 trafficserver: CVE-2020-9494 Package: src:trafficserver; Maintainer for src:trafficserver is Jean Baptiste Favre <debian@jbfavreorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 24 Jun 2020 20:30:02 UTC Severity: important Tags: security, upstream Found in versi ...

Several security issues were fixed in Tomcat ...

A vulnerability was discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service via malformed HTTP/2 headers For the stable distribution (buster), this problem has been fixed in version 802+ds-1+deb10u3 We recommend that you upgrade your trafficserver packages For the detailed security statu ...

CWE-770 https://lists.apache.org/thread.html/rf7f86917f42fdaf904d99560cba0c016e03baea6244c47efeb60ecbe%40%3Cdev.trafficserver.apache.org%3E https://www.debian.org/security/2020/dsa-4710 http://www.openwall.com/lists/oss-security/2021/03/01/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963629 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5360-1

CVE-2020-9494

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect