Identifier

CVE-2020-13935

Package Slug

maven/org.apache.tomcat.embed/tomcat-embed-websocket

Vulnerability

Loop with Unreachable Exit Condition (Infinite Loop)

Description

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
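
The payload-length validation RFC 6455 requires of a frame parser, as an added example in Java (not Tomcat's code and not part of this advisory): a 64-bit length with its top bit set reads as a negative signed long and is rejected before any read loop can use it. The class name, the MAX_PAYLOAD limit and the sample headers are assumptions made for the example.

```java
import java.nio.ByteBuffer;

public class FrameLengthCheck {
    // Hypothetical limit chosen for this example; size it to the application.
    static final long MAX_PAYLOAD = 1L << 20;

    // Returns the declared payload length, or -1 if the length field is not
    // fully buffered yet. Throws on a length that RFC 6455 section 5.2 forbids.
    static long readPayloadLength(ByteBuffer in) {
        if (in.remaining() < 2) return -1;
        int start = in.position();
        in.get();                            // FIN, RSV bits, opcode (not checked here)
        int len7 = in.get() & 0x7F;          // low 7 bits; the high bit is the MASK flag
        long length;
        if (len7 < 126) {
            length = len7;
        } else if (len7 == 126) {
            if (in.remaining() < 2) { in.position(start); return -1; }
            length = in.getShort() & 0xFFFF; // 16-bit unsigned, network byte order
            if (length < 126) throw new IllegalArgumentException("non-minimal 16-bit length");
        } else {
            if (in.remaining() < 8) { in.position(start); return -1; }
            length = in.getLong();           // Java long is signed
            // The most significant bit MUST be 0. If it is set, the signed value
            // is negative and must never reach "bytes remaining" arithmetic.
            if (length < 0) throw new IllegalArgumentException("64-bit length has MSB set");
            if (length <= 0xFFFF) throw new IllegalArgumentException("non-minimal 64-bit length");
        }
        if (length > MAX_PAYLOAD) throw new IllegalArgumentException("payload exceeds limit");
        return length;
    }

    public static void main(String[] args) {
        byte[][] samples = {                 // constructed headers, not captured traffic
            {(byte) 0x81, (byte) 0x85},                                   // 5 bytes, masked
            {(byte) 0x82, (byte) 0xFE, 0x01, 0x00},                       // 16-bit form, 256 bytes
            {(byte) 0x82, (byte) 0xFF, (byte) 0x80, 0, 0, 0, 0, 0, 0, 0}, // MSB set
        };
        for (byte[] s : samples) {
            try {
                System.out.println("length = " + readPayloadLength(ByteBuffer.wrap(s)));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```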

Affected Versions

All versions starting from 7.0.27 up to 7.0.104, all versions starting from 8.5.0 up to 8.5.56, all versions starting from 9.0.0 up to 9.0.36, version 10.0.0

Solution

Upgrade to versions 7.0.105, 8.5.57, 9.0.37 or above.

Last Modified

2020-07-20
