CVE-2020-13935

Description

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 92.16%• Percentile: 100%

Techniques & Countermeasures

• CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')

  The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

• Unknown•Tomcat

  ≥ 7.0.27, ≤ 7.0.104 | ≥ 8.5.0, ≤ 8.5.56 | ≥ 9.0.1, ≤ 9.0.36 | 9.0.0:milestone1 | 9.0.0:milestone10 | 9.0.0:milestone11 | 9.0.0:milestone12 | 9.0.0:milestone13 | 9.0.0:milestone14 | 9.0.0:milestone15 | 9.0.0:milestone16 | 9.0.0:milestone17 | 9.0.0:milestone18 | 9.0.0:milestone19 | 9.0.0:milestone2 | 9.0.0:milestone20 | 9.0.0:milestone21 | 9.0.0:milestone22 | 9.0.0:milestone23 | 9.0.0:milestone24 | 9.0.0:milestone25 | 9.0.0:milestone26 | 9.0.0:milestone27 | 9.0.0:milestone3 | 9.0.0:milestone4 | 9.0.0:milestone5 | 9.0.0:milestone6 | 9.0.0:milestone7 | 9.0.0:milestone8 | 9.0.0:milestone9 | 10.0.0:milestone1 | 10.0.0:milestone2 | 10.0.0:milestone3 | 10.0.0:milestone4 | 10.0.0:milestone5 | 10.0.0:milestone6

• canonical•ubuntu_linux

  16.04 | 20.04

• debian•debian_linux

  9.0 | 10.0

• org.apache.tomcat•tomcat

  ≥ 10.0.0-M1, < 10.0.0-M7 | ≥ 9.0.0.M1, < 9.0.37 | ≥ 8.5.0, < 8.5.57 | ≥ 7.0.27, < 7.0.105

• mcafee•epolicy_orchestrator

  5.9.0 | 5.9.1 | 5.10.0 | 5.10.0:update_1 | 5.10.0:update_2 | 5.10.0:update_3 | 5.10.0:update_4 | 5.10.0:update_5 | 5.10.0:update_6 | 5.10.0:update_7 | 5.10.0:update_8

• netapp•oncommand_system_manager

  ≥ 3.0.0, ≤ 3.1.3

• opensuse•leap

  15.1 | 15.2

• oracle•agile_engineering_data_management

  6.2.1.0

• oracle•agile_plm

  9.3.3 | 9.3.5 | 9.3.6

• oracle•blockchain_platform

  < 21.1.2

• oracle•commerce_guided_search

  11.3.2

• oracle•communications_cloud_native_core_policy

  1.14.0

• oracle•communications_instant_messaging_server

  10.0.1.5.0

• oracle•fmw_platform

  12.2.1.3.0 | 12.2.1.4.0

• oracle•instantis_enterprisetrack

  17.1 | 17.2 | 17.3

• oracle•managed_file_transfer

  12.2.1.3.0 | 12.2.1.4.0

• oracle•mysql_enterprise_monitor

  ≤ 8.0.21

• oracle•siebel_ui_framework

  ≤ 20.12

• oracle•workload_manager

  12.2.0.1 | 18c | 19c

References (32)

• https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E
• https://www.debian.org/security/2020/dsa-4727
• https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html
• https://usn.ubuntu.com/4448-1/
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://security.netapp.com/advisory/ntap-20200724-0003/
• https://kc.mcafee.com/corporate/index?page=content&id=SB10332
• https://usn.ubuntu.com/4596-1/
• https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50%40%3Cusers.tomcat.apache.org%3E
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://nvd.nist.gov/vuln/detail/CVE-2020-13935
• https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5
• https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3
• https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d
• https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784
• https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84
• https://usn.ubuntu.com/4596-1
• https://usn.ubuntu.com/4448-1
• https://tomcat.apache.org/security-9.html
• https://tomcat.apache.org/security-8.html
• https://tomcat.apache.org/security-7.html
• https://tomcat.apache.org/security-10.html
• https://security.netapp.com/advisory/ntap-20200724-0003
• https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E
• https://github.com/apache/tomcat