The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html cve-icon cve-icon
http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E cve-icon
http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7 cve-icon
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105 cve-icon
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57 cve-icon
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37 cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10332 cve-icon cve-icon
https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50%40%3Cusers.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-13935 cve-icon
https://security.netapp.com/advisory/ntap-20200724-0003/ cve-icon cve-icon
https://usn.ubuntu.com/4448-1/ cve-icon cve-icon
https://usn.ubuntu.com/4596-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-13935 cve-icon
https://www.debian.org/security/2020/dsa-4727 cve-icon cve-icon
https://www.oracle.com//security-alerts/cpujul2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuApr2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2021.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2020-07-14T15:00:21

Updated: 2024-08-04T12:32:14.307Z

Reserved: 2020-06-08T00:00:00

Link: CVE-2020-13935

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-14T15:15:11.070

Modified: 2023-11-07T03:17:00.760

Link: CVE-2020-13935

cve-icon Redhat

Severity : Important

Publid Date: 2020-07-15T00:00:00Z

Links: CVE-2020-13935 - Bugzilla