CVE-2020-13935 - log

CVE-2020-13935 edited at 14 Jul 2020 15:45:22
References
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57
https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5
+ https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399
CVE-2020-13935 edited at 14 Jul 2020 15:44:17
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
References
+ https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57
+ https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5
Notes
CVE-2020-13935 created at 14 Jul 2020 15:42:27