View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0017660||CentOS-7||tomcat||public||2020-08-10 15:08||2020-08-10 17:41|
|Target Version||Fixed in Version|
|Description|| CVE-2020-13935 was listed in RHEL and was found to affect tomcat in RHEL7.|
Not aware of the upstream of the tomcat package in CentOS but trying to get a resolution to the issue
|Additional Information||CVE-2020-13935 Apache Tomcat WebSocket Denial of Service|
Vendor: The Apache Software Foundation
Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M1 to 9.0.36
Apache Tomcat 8.5.0 to 8.5.56
Apache Tomcat 7.0.27 to 7.0.104
The payload length in a WebSocket frame was not correctly validated.
Invalid payload lengths could trigger an infinite loop. Multiple
requests with invalid payload lengths could lead to a denial of service.
- Upgrade to Apache Tomcat 10.0.0-M7 or later
- Upgrade to Apache Tomcat 9.0.37 or later
- Upgrade to Apache Tomcat 8.5.57 or later
This issue was reported publicly via the Apache Tomcat Users mailing
list without reference to the potential for DoS. The DoS risks were
identified by the Apache Tomcat Security Team.
|Tags||No tags attached.|