Attacker Value
Unknown
CVE-2020-13935
CVE-2020-13935
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High
General Information
Vendors
- apache,
- canonical,
- debian,
- mcafee,
- netapp,
- opensuse,
- oracle
Products
- agile engineering data management 6.2.1.0,
- agile plm 9.3.3,
- agile plm 9.3.5,
- agile plm 9.3.6,
- blockchain platform,
- commerce guided search 11.3.2,
- communications cloud native core policy 1.14.0,
- communications instant messaging server 10.0.1.5.0,
- debian linux 10.0,
- debian linux 9.0,
- epolicy orchestrator 5.10.0,
- epolicy orchestrator 5.9.0,
- epolicy orchestrator 5.9.1,
- fmw platform 12.2.1.3.0,
- fmw platform 12.2.1.4.0,
- instantis enterprisetrack 17.1,
- instantis enterprisetrack 17.2,
- instantis enterprisetrack 17.3,
- leap 15.1,
- leap 15.2,
- managed file transfer 12.2.1.3.0,
- managed file transfer 12.2.1.4.0,
- mysql enterprise monitor,
- oncommand system manager,
- siebel ui framework,
- tomcat,
- tomcat 10.0.0,
- tomcat 9.0.0,
- ubuntu linux 16.04,
- ubuntu linux 20.04,
- workload manager 12.2.0.1,
- workload manager 18c,
- workload manager 19c
References
Advisory
Miscellaneous
