---

CVE-2020-13935 - log back

CVE-2020-13935 edited at 14 Jul 2020 15:45:22
References	https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57 https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5 + https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399

CVE-2020-13935 edited at 14 Jul 2020 15:44:17
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
References	+ https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57 + https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5
Notes

CVE-2020-13935 created at 14 Jul 2020 15:42:27