AVG-1204 log
| Package | tomcat8 |
| Status | Fixed |
| Severity | High |
| Type | denial of service |
| Affected | 8.5.56-1 |
| Fixed | 8.5.57-1 |
| Current | 8.5.100-2 [extra] |
| Ticket | None |
| Created | Tue Jul 14 15:42:27 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-13935 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the... |
| CVE-2020-13934 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid... |
| References |
|---|
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57 |