CVE-2020-13943

Опубликовано: 12 окт. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4

CVSS3: 4.3

Описание

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

Релиз	Статус	Примечание
bionic	not-affected	code not present
devel	DNE
esm-apps/bionic	not-affected	code not present
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
esm-infra/xenial	not-affected	code not present
focal	DNE
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	code not present
devel	not-affected	code not present
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-infra-legacy/trusty	DNE
focal	not-affected	code not present
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE
upstream	released	9.0.38-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 92%

0.09572

Низкий

4 Medium

CVSS2

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2020-13943

CVSS3: 5.3

redhat

почти 5 лет назад

CVE-2020-13943

CVSS3: 4.3

nvd

почти 5 лет назад

CVE-2020-13943

CVSS3: 4.3

debian

почти 5 лет назад

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...

openSUSE-SU-2020:1842-1

suse-cvrf

почти 5 лет назад

Security update for tomcat

openSUSE-SU-2020:1799-1

suse-cvrf

почти 5 лет назад

Security update for tomcat

EPSS

Процентиль: 92%

0.09572

Низкий

4 Medium

CVSS2

4.3 Medium

CVSS3

CVE-2020-13943

Описание

Пакет tomcat8

Пакет tomcat9

Ссылки на источники

Связанные уязвимости