Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-11996

Опубликовано: 26 июн. 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Средний

Описание

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 8.5.0 (включая) до 8.5.55 (включая)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.0.35 (включая)
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Версия до 8.0.21 (включая)
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
Версия до 20.12 (включая)
cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:a:netapp:oncommand_system_manager:3.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.31135
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2020-11996

CVSS3: 7.5
ubuntu
около 5 лет назад

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

redhat логотип

CVE-2020-11996

CVSS3: 7.5
redhat
около 5 лет назад

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

debian логотип

CVE-2020-11996

CVSS3: 7.5
debian
около 5 лет назад

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...

suse-cvrf логотип

openSUSE-SU-2020:1063-1

suse-cvrf
около 5 лет назад

Security update for tomcat

suse-cvrf логотип

openSUSE-SU-2020:1051-1

suse-cvrf
около 5 лет назад

Security update for tomcat

EPSS

Процентиль: 97%
0.31135
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo