VYPR
Medium severity4.3NVD Advisory· Published Oct 12, 2020· Updated Jun 17, 2026

CVE-2020-13943

CVE-2020-13943

Description

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcat-coyoteMaven
>= 10.0.0-M1, < 10.0.0-M810.0.0-M8
org.apache.tomcat:tomcat-coyoteMaven
>= 9.0.0-M1, < 9.0.389.0.38
org.apache.tomcat:tomcat-coyoteMaven
>= 8.5.0, < 8.5.588.5.58

Affected products

17

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.