View Issue Details

ID: 0017660
Project: CentOS-7
Category: tomcat
View Status: public
Last Update: 2020-08-10 17:41
Reporter: soto330
Priority: high
Severity: major
Reproducibility: N/A
Status: new
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0017660: CVE-2020-13935
Description: CVE-2020-13935 was listed in RHEL and was found to affect tomcat in RHEL7.

https://access.redhat.com/security/cve/CVE-2020-13935

Not aware of the upstream of the tomcat package in CentOS, but trying to get a resolution to the issue.
Additional Information:
CVE-2020-13935 Apache Tomcat WebSocket Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M1 to 9.0.36
Apache Tomcat 8.5.0 to 8.5.56
Apache Tomcat 7.0.27 to 7.0.104

Description:
The payload length in a WebSocket frame was not correctly validated.
Invalid payload lengths could trigger an infinite loop. Multiple
requests with invalid payload lengths could lead to a denial of service.

Mitigation:
- Upgrade to Apache Tomcat 10.0.0-M7 or later
- Upgrade to Apache Tomcat 9.0.37 or later
- Upgrade to Apache Tomcat 8.5.57 or later

Credit:
This issue was reported publicly via the Apache Tomcat Users mailing
list without reference to the potential for DoS. The DoS risks were
identified by the Apache Tomcat Security Team.

References:
[1] http://tomcat.apache.org/security-10.html
[2] http://tomcat.apache.org/security-9.html
[3] http://tomcat.apache.org/security-8.html

http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E
Tags: No tags attached.
abrt_hash:
URL: https://access.redhat.com/security/cve/CVE-2020-13935
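The advisory above says the WebSocket payload length was not correctly validated and that invalid lengths could trigger an infinite loop. The following is an added example (not code from the Tomcat project or from this issue): a defensive frame-header parser in Python that enforces the payload-length rules RFC 6455 section 5.2 states for every frame, which is the kind of validation a server must do before it starts consuming payload bytes. MAX_PAYLOAD and the SAMPLES byte strings are constructed for illustration; the function names are assumptions of this example.

```python
"""Defensive WebSocket frame-header parser (RFC 6455 section 5.2).

Added example, not Tomcat code. It rejects frame headers that violate the
length rules of RFC 6455:
- the 126/127 escape codes must carry a minimally encoded length,
- the 64-bit length's most significant bit must be zero,
- control frames carry at most 125 bytes and must have FIN set,
- a server-side cap (MAX_PAYLOAD, a constructed value) bounds memory.
"""
import struct
from dataclasses import dataclass

MAX_PAYLOAD = 8 * 1024 * 1024  # constructed per-frame cap; tune per deployment


class FrameError(ValueError):
    """Raised for any frame header that must be rejected (protocol error)."""


@dataclass(frozen=True)
class FrameHeader:
    fin: bool
    opcode: int
    masked: bool
    payload_len: int
    header_len: int  # bytes consumed before the payload starts


def parse_frame_header(buf: bytes, max_payload: int = MAX_PAYLOAD) -> FrameHeader:
    """Parse and validate a frame header; raise FrameError instead of trusting it."""
    if len(buf) < 2:
        raise FrameError("truncated: need at least 2 header bytes")
    b0, b1 = buf[0], buf[1]
    fin = bool(b0 & 0x80)
    if b0 & 0x70:
        raise FrameError("reserved bits set without a negotiated extension")
    opcode = b0 & 0x0F
    masked = bool(b1 & 0x80)
    length = b1 & 0x7F
    pos = 2

    if length == 126:
        if len(buf) < pos + 2:
            raise FrameError("truncated: 16-bit length field missing")
        length = struct.unpack_from("!H", buf, pos)[0]
        pos += 2
        if length < 126:
            raise FrameError("non-minimal length encoding (16-bit form < 126)")
    elif length == 127:
        if len(buf) < pos + 8:
            raise FrameError("truncated: 64-bit length field missing")
        length = struct.unpack_from("!Q", buf, pos)[0]
        pos += 8
        # RFC 6455 requires the top bit to be zero. A parser that reads this
        # field into a signed 64-bit integer (a Java long, for instance) sees
        # a negative length here, so a "bytes remaining" countdown toward
        # zero never terminates unless the bit is checked first.
        if length & (1 << 63):
            raise FrameError("64-bit length has most significant bit set")
        if length < 65536:
            raise FrameError("non-minimal length encoding (64-bit form < 65536)")

    if opcode & 0x8:  # control frame (close/ping/pong)
        if not fin:
            raise FrameError("fragmented control frame")
        if length > 125:
            raise FrameError("control frame payload exceeds 125 bytes")

    if length > max_payload:
        raise FrameError(f"payload length {length} exceeds cap {max_payload}")

    if masked:
        pos += 4  # 4-byte masking key follows the length field
        if len(buf) < pos:
            raise FrameError("truncated: masking key missing")

    return FrameHeader(fin, opcode, masked, length, pos)


def verdict(buf: bytes) -> str:
    """Return 'ok' or the rejection reason; suitable for a log line."""
    try:
        parse_frame_header(buf)
        return "ok"
    except FrameError as exc:
        return f"reject: {exc}"


# Constructed sample headers (not captured traffic).
SAMPLES = {
    "text, 5 bytes, masked": b"\x81\x85" + b"\x00\x00\x00\x00",
    "binary, 256 bytes": b"\x82\x7e\x01\x00",
    "binary, 65536 bytes": b"\x82\x7f" + (65536).to_bytes(8, "big"),
    "non-minimal 16-bit (100)": b"\x82\x7e\x00\x64",
    "64-bit length, MSB set": b"\x82\x7f" + b"\x80" + b"\x00" * 7,
    "ping with 126 bytes": b"\x89\x7e\x00\x7e",
    "unfinished ping": b"\x09\x00",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:28s} -> {verdict(raw)}")
```

On a rejection the server should close the connection with a protocol-error status rather than keep reading, and the rejection reason is worth logging: a burst of "64-bit length has most significant bit set" or "non-minimal length encoding" verdicts from one client is a useful detection signal for the kind of traffic this advisory describes.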

Activities

tigalch (manager) | 2020-08-10 15:31 | ~0037514

Once/if RH releases an updated tomcat version, CentOS will automatically inherit the fix.

soto330 (reporter) | 2020-08-10 17:41 | ~0037516

Thank you @tigalch

Issue History

Date Modified Username Field Change
2020-08-10 15:08 soto330 New Issue
2020-08-10 15:31 tigalch Note Added: 0037514
2020-08-10 17:41 soto330 Note Added: 0037516