CVE-2020-13935 log

Severity High
Remote Yes
Type Denial of service
An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
Group Package Affected Fixed Severity Status Ticket
AVG-1205 tomcat9 9.0.35-1 9.0.37-1 High Fixed
AVG-1204 tomcat8 8.5.56-1 8.5.57-1 High Fixed