CVE-2020-13943
Vulnerability Summary
Description
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
CVSS Metrics
- v3.1 • MEDIUM • Score: 4.3 • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- v2.0 • MEDIUM • Score: 4.0 • Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 12.12% • Percentile: 94%
Affected Systems
- Unknown vendor • Tomcat
8.5.0 | 8.5.1 | 8.5.2 | 8.5.3 | 8.5.4 | 8.5.5 | 8.5.6 | 8.5.7 | 8.5.8 | 8.5.9 | 8.5.10 | 8.5.11 | 8.5.12 | 8.5.13 | 8.5.14 | 8.5.15 | 8.5.16 | 8.5.17 | 8.5.18 | 8.5.19 | 8.5.20 | 8.5.21 | 8.5.22 | 8.5.23 | 8.5.24 | 8.5.25 | 8.5.26 | 8.5.27 | 8.5.28 | 8.5.29 | 8.5.30 | 8.5.31 | 8.5.32 | 8.5.33 | 8.5.34 | 8.5.35 | 8.5.36 | 8.5.37 | 8.5.38 | 8.5.39 | 8.5.40 | 8.5.41 | 8.5.42 | 8.5.43 | 8.5.44 | 8.5.45 | 8.5.46 | 8.5.47 | 8.5.48 | 8.5.49 | 8.5.50 | 8.5.51 | 8.5.52 | 8.5.53 | 8.5.54 | 8.5.55 | 8.5.56 | 8.5.57 | 9.0.0:milestone10 | 9.0.0:milestone11 | 9.0.0:milestone12 | 9.0.0:milestone13 | 9.0.0:milestone14 | 9.0.0:milestone15 | 9.0.0:milestone16 | 9.0.0:milestone17 | 9.0.0:milestone18 | 9.0.0:milestone19 | 9.0.0:milestone20 | 9.0.0:milestone21 | 9.0.0:milestone22 | 9.0.0:milestone23 | 9.0.0:milestone24 | 9.0.0:milestone25 | 9.0.0:milestone26 | 9.0.0:milestone27 | 9.0.0:milestone5 | 9.0.0:milestone6 | 9.0.0:milestone7 | 9.0.0:milestone8 | 9.0.0:milestone9 | 9.0.1 | 9.0.2 | 9.0.3 | 9.0.4 | 9.0.5 | 9.0.6 | 9.0.7 | 9.0.8 | 9.0.9 | 9.0.10 | 9.0.11 | 9.0.12 | 9.0.13 | 9.0.14 | 9.0.15 | 9.0.16 | 9.0.17 | 9.0.18 | 9.0.19 | 9.0.20 | 9.0.21 | 9.0.22 | 9.0.23 | 9.0.24 | 9.0.25 | 9.0.26 | 9.0.27 | 9.0.28 | 9.0.29 | 9.0.30 | 9.0.31 | 9.0.32 | 9.0.33 | 9.0.34 | 9.0.35 | 9.0.36 | 9.0.37 | 10.0.0:milestone1 | 10.0.0:milestone2 | 10.0.0:milestone3 | 10.0.0:milestone4 | 10.0.0:milestone5 | 10.0.0:milestone6 | 10.0.0:milestone7
- debian • debian_linux
9.0 | 10.0
- org.apache.tomcat • tomcat-coyote
≥ 10.0.0-M1, < 10.0.0-M8 | ≥ 9.0.0-M1, < 9.0.38 | ≥ 8.5.0, < 8.5.58
- oracle • instantis_enterprisetrack
17.1 | 17.2 | 17.3
- oracle • sd-wan_edge
9.0
References (12)
- https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00021.html
- https://www.debian.org/security/2021/dsa-4835
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://security.netapp.com/advisory/ntap-20201016-0007/
- https://nvd.nist.gov/vuln/detail/CVE-2020-13943
- https://github.com/apache/tomcat/commit/1bbc650cbc3f08d85a1ec6d803c47ae53a84f3bb
- https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b
- https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a
- https://security.netapp.com/advisory/ntap-20201016-0007