7.5

CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version >= 7.0.27 <= 7.0.104
ApacheTomcat Version >= 8.5.0 <= 8.5.56
ApacheTomcat Version >= 9.0.1 <= 9.0.36
ApacheTomcat Version9.0.0 Updatemilestone1
ApacheTomcat Version9.0.0 Updatemilestone10
ApacheTomcat Version9.0.0 Updatemilestone11
ApacheTomcat Version9.0.0 Updatemilestone12
ApacheTomcat Version9.0.0 Updatemilestone13
ApacheTomcat Version9.0.0 Updatemilestone14
ApacheTomcat Version9.0.0 Updatemilestone15
ApacheTomcat Version9.0.0 Updatemilestone16
ApacheTomcat Version9.0.0 Updatemilestone17
ApacheTomcat Version9.0.0 Updatemilestone18
ApacheTomcat Version9.0.0 Updatemilestone19
ApacheTomcat Version9.0.0 Updatemilestone2
ApacheTomcat Version9.0.0 Updatemilestone20
ApacheTomcat Version9.0.0 Updatemilestone21
ApacheTomcat Version9.0.0 Updatemilestone22
ApacheTomcat Version9.0.0 Updatemilestone23
ApacheTomcat Version9.0.0 Updatemilestone24
ApacheTomcat Version9.0.0 Updatemilestone25
ApacheTomcat Version9.0.0 Updatemilestone26
ApacheTomcat Version9.0.0 Updatemilestone27
ApacheTomcat Version9.0.0 Updatemilestone3
ApacheTomcat Version9.0.0 Updatemilestone4
ApacheTomcat Version9.0.0 Updatemilestone5
ApacheTomcat Version9.0.0 Updatemilestone6
ApacheTomcat Version9.0.0 Updatemilestone7
ApacheTomcat Version9.0.0 Updatemilestone8
ApacheTomcat Version9.0.0 Updatemilestone9
ApacheTomcat Version10.0.0 Updatemilestone1
ApacheTomcat Version10.0.0 Updatemilestone2
ApacheTomcat Version10.0.0 Updatemilestone3
ApacheTomcat Version10.0.0 Updatemilestone4
ApacheTomcat Version10.0.0 Updatemilestone5
ApacheTomcat Version10.0.0 Updatemilestone6
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
NetappOncommand System Manager Version >= 3.0.0 <= 3.1.3
OpensuseLeap Version15.1
OpensuseLeap Version15.2
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version20.04 SwEditionlts
McafeeEpolicy Orchestrator Version5.9.0
McafeeEpolicy Orchestrator Version5.9.1
McafeeEpolicy Orchestrator Version5.10.0 Update-
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_1
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_2
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_3
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_4
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_5
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_6
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_7
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_8
OracleAgile Plm Version9.3.3
OracleAgile Plm Version9.3.5
OracleAgile Plm Version9.3.6
OracleBlockchain Platform Version < 21.1.2
OracleCommerce Guided Search Version11.3.2
OracleFmw Platform Version12.2.1.3.0
OracleFmw Platform Version12.2.1.4.0
OracleManaged File Transfer Version12.2.1.3.0
OracleManaged File Transfer Version12.2.1.4.0
OracleMysql Enterprise Monitor Version <= 8.0.21
OracleSiebel Ui Framework Version <= 20.12
OracleWorkload Manager Version12.2.0.1
OracleWorkload Manager Version18c
OracleWorkload Manager Version19c
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 92.02% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://www.oracle.com/security-alerts/cpuoct2021.html
Third Party Advisory
Not Applicable
https://usn.ubuntu.com/4448-1/
Third Party Advisory
https://usn.ubuntu.com/4596-1/
Third Party Advisory