AVG-1205 log
| Package | tomcat9 |
| Status | Fixed |
| Severity | High |
| Type | denial of service |
| Affected | 9.0.35-1 |
| Fixed | 9.0.37-1 |
| Current | 9.0.88-1 [extra] |
| Ticket | None |
| Created | Tue Jul 14 15:45:03 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-13935 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the... |
| CVE-2020-13934 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid... |
| References |
|---|
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37 |