BIT-tomcat-2020-11996

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2020-11996.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-tomcat-2020-11996

Aliases

Published

2024-03-06T11:11:51.472Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.5.0

Fixed

8.5.55

Introduced

9.0.0

Fixed

9.0.35

Type: SEMVER
Events: Introduced

9.0.0-milestone1

Last affected

9.0.0-milestone1

Introduced

9.0.0-milestone10

Last affected

9.0.0-milestone10

Introduced

9.0.0-milestone11

Last affected

9.0.0-milestone11

Introduced

9.0.0-milestone12

Last affected

9.0.0-milestone12

Introduced

9.0.0-milestone13

Last affected

9.0.0-milestone13

Introduced

9.0.0-milestone14

Last affected

9.0.0-milestone14

Introduced

9.0.0-milestone15

Last affected

9.0.0-milestone15

Introduced

9.0.0-milestone16

Last affected

9.0.0-milestone16

Introduced

9.0.0-milestone17

Last affected

9.0.0-milestone17

Introduced

9.0.0-milestone18

Last affected

9.0.0-milestone18

Introduced

9.0.0-milestone19

Last affected

9.0.0-milestone19

Introduced

9.0.0-milestone2

Last affected

9.0.0-milestone2

Introduced

9.0.0-milestone20

Last affected

9.0.0-milestone20

Introduced

9.0.0-milestone21

Last affected

9.0.0-milestone21

Introduced

9.0.0-milestone22

Last affected

9.0.0-milestone22

Introduced

9.0.0-milestone23

Last affected

9.0.0-milestone23

Introduced

9.0.0-milestone24

Last affected

9.0.0-milestone24

Introduced

9.0.0-milestone25

Last affected

9.0.0-milestone25

Introduced

9.0.0-milestone26

Last affected

9.0.0-milestone26

Introduced

9.0.0-milestone27

Last affected

9.0.0-milestone27

Introduced

9.0.0-milestone3

Last affected

9.0.0-milestone3

Introduced

9.0.0-milestone4

Last affected

9.0.0-milestone4

Introduced

9.0.0-milestone5

Last affected

9.0.0-milestone5

Introduced

9.0.0-milestone6

Last affected

9.0.0-milestone6

Introduced

9.0.0-milestone7

Last affected

9.0.0-milestone7

Introduced

9.0.0-milestone8

Last affected

9.0.0-milestone8

Introduced

9.0.0-milestone9

Last affected

9.0.0-milestone9

Introduced

10.0.0-milestone1

Last affected

10.0.0-milestone1

Introduced

10.0.0-milestone2

Last affected

10.0.0-milestone2

Introduced

10.0.0-milestone3

Last affected

10.0.0-milestone3

Introduced

10.0.0-milestone4

Last affected

10.0.0-milestone4

Introduced

10.0.0-milestone5

Last affected

10.0.0-milestone5