what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

CVE-2020-13935

Status Candidate

Overview

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Related Files

Ubuntu Security Notice USN-4596-1
Posted Oct 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-9484
MD5 | 9c7bf230e29a045c5b7a3d87aa96b325
Red Hat Security Advisory 2020-4004-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4004-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2019-17563, CVE-2020-13935
MD5 | 61f2360d0cf9ee3b7e1073164e87b130
Red Hat Security Advisory 2020-3806-01
Posted Sep 24, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3806-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.2.6.SP2 serves as a replacement for Red Hat support for Spring Boot 2.2.6.SP1, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-10688, CVE-2020-10693, CVE-2020-13934, CVE-2020-13935
MD5 | e03d7a44e0c0d90c25bb06b54ca272f8
Red Hat Security Advisory 2020-3383-01
Posted Aug 10, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3383-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is an update for JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to this updated package. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2020-13935
MD5 | f6410d721cabef50d5751dc75362582d
Red Hat Security Advisory 2020-3382-01
Posted Aug 10, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3382-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is an update for JBoss Enterprise Application Platform 6.4. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to these updated packages. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2020-13935
MD5 | 814ef709bbaa551c16356286466e716f
Ubuntu Security Notice USN-4448-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4448-1 - It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Request Smuggling. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-13935, CVE-2020-1935, CVE-2020-9484
MD5 | f490bd6674a82d8af4d84ba15996c17f
Red Hat Security Advisory 2020-3308-01
Posted Aug 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3308-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2020-13934, CVE-2020-13935
MD5 | 64720b7761a12fb3a4767798c78ae258
Red Hat Security Advisory 2020-3306-01
Posted Aug 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3306-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2020-13934, CVE-2020-13935
MD5 | caecac300e64d3b48adb292d24855b6f
Red Hat Security Advisory 2020-3305-01
Posted Aug 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3305-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-13935, CVE-2020-1935
MD5 | 6e1799e37ce5f20ef4e6ad6d064b44c3
Red Hat Security Advisory 2020-3303-01
Posted Aug 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3303-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-13935, CVE-2020-1935
MD5 | c3f05082eb8212198cca368d8f048dc0
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close