CVE-2020-13935 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Denial of service |
| Description | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1205 | tomcat9 | 9.0.35-1 | 9.0.37-1 | High | Fixed | |
| AVG-1204 | tomcat8 | 8.5.56-1 | 8.5.57-1 | High | Fixed |