AVG-1205 log

Package tomcat9
Status Fixed
Severity High
Type denial of service
Affected 9.0.35-1
Fixed 9.0.37-1
Current 9.0.39-2 [extra]
Ticket None
Created Tue Jul 14 15:45:03 2020
Issue Severity Remote Type Description
CVE-2020-13935 High Yes Denial of service
An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the...
CVE-2020-13934 High Yes Denial of service
An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid...
References
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37