An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur, leading to a denial of service.
History
07 Nov 2023, 03:17
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 Mar 2022, 21:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* |
First Time | Debian debian Linux Netapp oncommand System Manager Oracle Oracle agile Plm Oracle siebel Ui Framework Canonical ubuntu Linux Netapp Canonical Oracle mysql Enterprise Monitor Oracle fmw Platform Oracle managed File Transfer Oracle communications Instant Messaging Server Debian Oracle instantis Enterprisetrack Oracle agile Engineering Data Management Opensuse leap Oracle workload Manager Opensuse | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4727 - Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4596-1/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200724-0003/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html - Mailing List, Third Party Advisory |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
CWE | CWE-476 CWE-401 |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-07-14 15:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-13934
Mitre link : CVE-2020-13934
CVE.ORG link : CVE-2020-13934
Products Affected
oracle
- fmw_platform
- agile_plm
- instantis_enterprisetrack
- managed_file_transfer
- agile_engineering_data_management
- workload_manager
- siebel_ui_framework
- communications_instant_messaging_server
- mysql_enterprise_monitor
opensuse
- leap
debian
- debian_linux
apache
- tomcat
canonical
- ubuntu_linux
netapp
- oncommand_system_manager