VYPR
High severityNVD Advisory· Published Jun 26, 2020· Updated Aug 4, 2024

CVE-2020-11996

CVE-2020-11996

Description

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 10.0.0-M1, < 10.0.0-M510.0.0-M5
org.apache.tomcat:tomcatMaven
>= 9.0.0.M1, < 9.0.359.0.35
org.apache.tomcat:tomcatMaven
>= 8.5.0, < 8.5.558.5.55
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 10.0.0-M1, < 10.0.0-M510.0.0-M5
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 9.0.0.M1, < 9.0.359.0.35
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 8.5.0, < 8.5.558.5.55

Affected products

20

Patches

Vulnerability mechanics

References

49

News mentions

0

No linked articles in our index yet.