A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | NVD-CWE-noinfo |
12 Mar 2021, 12:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:oncommand_system_manager:3.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:3.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4727 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9@%3Cnotifications.ofbiz.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c@%3Cnotifications.ofbiz.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200709-0002/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2@%3Cnotifications.ofbiz.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4596-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd@%3Cnotifications.ofbiz.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79@%3Cusers.tomcat.apache.org%3E - Mailing List, Vendor Advisory |
01 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-06-26 17:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-11996
Mitre link : CVE-2020-11996
CVE.ORG link : CVE-2020-11996
JSON object : View
Products Affected
oracle
- mysql_enterprise_monitor
- workload_manager
- siebel_ui_framework
apache
- tomcat
netapp
- oncommand_system_manager
opensuse
- leap
debian
- debian_linux
canonical
- ubuntu_linux
CWE