VYPR
High severityNVD Advisory· Published Jul 14, 2020· Updated Aug 4, 2024

CVE-2020-13935

CVE-2020-13935

Description

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 10.0.0-M1, < 10.0.0-M710.0.0-M7
org.apache.tomcat:tomcatMaven
>= 9.0.0.M1, < 9.0.379.0.37
org.apache.tomcat:tomcatMaven
>= 8.5.0, < 8.5.578.5.57
org.apache.tomcat:tomcatMaven
>= 7.0.27, < 7.0.1057.0.105
org.apache.tomcat.embed:tomcat-embed-websocketMaven
>= 7.0.27, < 7.0.1057.0.105
org.apache.tomcat.embed:tomcat-embed-websocketMaven
>= 8.5.0, < 8.5.578.5.57
org.apache.tomcat.embed:tomcat-embed-websocketMaven
>= 9.0.0.M1, < 9.0.379.0.37
org.apache.tomcat.embed:tomcat-embed-websocketMaven
>= 10.0.0-M1, < 10.0.0-M710.0.0-M7
org.apache.tomcat:tomcat-websocketMaven
>= 10.0.0-M1, < 10.0.0-M710.0.0-M7
org.apache.tomcat:tomcat-websocketMaven
>= 9.0.0.M1, < 9.0.379.0.37
org.apache.tomcat:tomcat-websocketMaven
>= 8.5.0, < 8.5.578.5.57
org.apache.tomcat:tomcat-websocketMaven
>= 7.0.27, < 7.0.1057.0.105

Affected products

34

Patches

Vulnerability mechanics

References

32

News mentions

0

No linked articles in our index yet.