Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-11996

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://lists.apache.o...
MLIST: [ofbiz-commits] 202006...
MLIST: [ofbiz-commits] 202006...
MLIST: [ofbiz-commits] 202006...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-4727
SUSE: openSUSE-SU-2020:1051
SUSE: openSUSE-SU-2020:1063
MLIST: [tomcat-users] 2020100...
MISC: https://www.oracle.com...
UBUNTU: USN-4596-1
MISC: https://www.oracle.com...
MLIST: [ofbiz-notifications] ...

Launchpad.net

CVE 2020-11996

Related bugs

References