The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
07 Nov 2023, 03:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
12 May 2022, 15:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
First Time |
Oracle blockchain Platform
|
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Mar 2022, 16:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:* cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:* cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:* cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:* cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* |
|
First Time |
Debian debian Linux
Netapp oncommand System Manager Oracle Oracle agile Plm Oracle siebel Ui Framework Canonical ubuntu Linux Netapp Canonical Oracle mysql Enterprise Monitor Oracle fmw Platform Oracle commerce Guided Search Oracle managed File Transfer Oracle communications Instant Messaging Server Debian Mcafee epolicy Orchestrator Oracle instantis Enterprisetrack Oracle agile Engineering Data Management Opensuse leap Oracle workload Manager Mcafee Opensuse Oracle communications Cloud Native Core Policy |
|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Not Applicable, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4727 - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4448-1/ - Third Party Advisory | |
References | (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10332 - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4596-1/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200724-0003/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html - Mailing List, Third Party Advisory |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-07-14 15:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-13935
Mitre link : CVE-2020-13935
CVE.ORG link : CVE-2020-13935
JSON object : View
Products Affected
oracle
- communications_cloud_native_core_policy
- blockchain_platform
- agile_engineering_data_management
- fmw_platform
- mysql_enterprise_monitor
- communications_instant_messaging_server
- instantis_enterprisetrack
- workload_manager
- siebel_ui_framework
- managed_file_transfer
- agile_plm
- commerce_guided_search
apache
- tomcat
netapp
- oncommand_system_manager
opensuse
- leap
mcafee
- epolicy_orchestrator
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')