tomcat9

Description: Open source implementation of the Java Servlet 4.0 and JavaServer Pages 2.3 technologies
Version: 9.0.38-1 [testing], 9.0.37-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1205 | 9.0.35-1 | 9.0.37-1 | High | Fixed | |
| AVG-1196 | 9.0.35-1 | 9.0.37-1 | Medium | Fixed | |
| AVG-1171 | 9.0.31-1 | 9.0.35-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-13935 | AVG-1205 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the... |
| CVE-2020-13934 | AVG-1205 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid... |
| CVE-2020-11996 | AVG-1196 | Medium | Yes | Denial of service | A denial of service has been found in Apache Tomcat before 9.0.36 and 8.5.56, where a specially crafted sequence of HTTP/2 requests could trigger high CPU... |
| CVE-2020-9484 | AVG-1171 | High | Yes | Arbitrary code execution | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able to control the... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 06 Jun 2020 | ASA-202006-7 | AVG-1171 | High | arbitrary code execution |