CVE-2020-11996

Uncontrolled Resource Consumption in maven/org.apache.tomcat/coyote

Identifiers

CVE-2020-11996

Package Slug

maven/org.apache.tomcat/coyote

Vulnerability

Uncontrolled Resource Consumption

Description

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Affected Versions

All versions starting from 8.5.0 up to 8.5.55, all versions starting from 9.0.0 up to 9.0.36

Solution

Upgrade to versions 8.5.56, 9.0.36 or above.

Last Modified

2020-07-03
