Maven package
org.apache.tomcat/tomcat-websocket
pkg:maven/org.apache.tomcat/tomcat-websocket
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23672 | — | >= 11.0.0-M1, < 11.0.0-M17 | 11.0.0-M17 | Mar 13, 2024 | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through | ||
| CVE-2020-13935 | — | >= 10.0.0-M1, < 10.0.0-M7 | 10.0.0-M7 | Jul 14, 2020 | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lea |
- CVE-2024-23672Mar 13, 2024affected >= 11.0.0-M1, < 11.0.0-M17fixed 11.0.0-M17
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through
- CVE-2020-13935Jul 14, 2020affected >= 10.0.0-M1, < 10.0.0-M7fixed 10.0.0-M7
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lea