CVE-2020-13934 - log

CVE-2020-13934 edited at 14 Jul 2020 15:45:15
References
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57
https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e
+ https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d
CVE-2020-13934 edited at 14 Jul 2020 15:43:53
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
References
+ https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57
+ https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e
Notes
CVE-2020-13934 created at 14 Jul 2020 15:42:27