CVE-2020-13935

Description

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

How to fix CVE-2020-13935

To remediate CVE-2020-13935, upgrade the affected package to a fixed version below.

• —upgrade to 7.0.105 or later
• —upgrade to 9.0.37-1 or later
• —upgrade to 7.0.105 or later
• —upgrade to 10.0.0-M7 or later
• —upgrade to 10.0.0-M7 or later

Is CVE-2020-13935 being exploited?

Likely — EPSS is 92.2%, placing CVE-2020-13935 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (5)

• >= 7.0.27, < 7.0.105, >= 8.5.0, < 8.5.57, >= 9.0.1, < 9.0.37
• from 0, < 9.0.37-1
• >= 7.0.27, < 7.0.105
• >= 10.0.0-M1, < 10.0.0-M7
• >= 10.0.0-M1, < 10.0.0-M7

CVSS scores

References (33)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-13935
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-13935
• PATCHgithub.com/apache/tomcat
• WEBlists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html