The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisories for CVE-2020-13934 and CVE-2020-13935 and upgrade to the appropriate version.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

References

mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E

mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E

nessus 44

openvas 18

redhat 14

tomcat 4

photon 5

debian 2

suse 2

amazon 2

kaspersky 2

osv 8

mageia 1

freebsd 1

ibm 15

ubuntu 2

prion 3

cvelist 3

f5 2

nvd 3

veracode 3

cve 3

ubuntucve 2

atlassian 4

redhatcve 4

debiancve 2

githubexploit 1

github 2

centos 1

symantec 1

oraclelinux 1

checkpoint_advisories 1

oracle 6

nessus

Apache Tomcat 8.5.0 < 8.5.57 multiple vulnerabilities

2020-07-17 00:00:00

Photon OS 3.0: Apache PHSA-2020-3.0-0116

2020-07-21 00:00:00

openSUSE Security Update : tomcat (openSUSE-2020-1102)

2020-07-28 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2020:2037-1)

2021-04-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:2047-1)

2021-06-09 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:2045-1)

2021-04-19 00:00:00

redhat

(RHSA-2020:3308) Important: Red Hat JBoss Web Server 5.3.2 security update

2020-08-04 11:35:57

(RHSA-2020:3306) Important: Red Hat JBoss Web Server 5.3.2 security update

2020-08-04 11:21:34

(RHSA-2020:3806) Important: Red Hat support for Spring Boot 2.2.6.SP2 security update

2020-09-23 16:23:17

tomcat

Fixed in Apache Tomcat 9.0.37

2020-07-05 00:00:00

Fixed in Apache Tomcat 8.5.57

2020-07-05 00:00:00

Fixed in Apache Tomcat 10.0.0-M7

2020-07-05 00:00:00

photon

Important Photon OS Security Update - PHSA-2020-0116

2020-07-20 00:00:00

Important Photon OS Security Update - PHSA-2020-3.0-0116

2020-07-20 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0309

2020-07-25 00:00:00

debian

[SECURITY] [DLA 2286-1] tomcat8 security update

2020-07-22 16:39:36

[SECURITY] [DSA 4627-1] tomcat9 security update

2020-07-17 18:07:40

suse

Security update for tomcat (important)

2020-07-29 00:00:00

Security update for tomcat (important)

2020-07-27 00:00:00

amazon

Important: tomcat8

2020-07-27 23:58:00

Important: tomcat

2023-05-11 17:49:00

kaspersky

KLA12083 DoS vulnerabilities in Apache Tomcat

2020-07-05 00:00:00

KLA12084 DoS vulnerability in Apache Tomcat

2020-07-07 00:00:00

osv

tomcat8 - security update

2020-07-22 00:00:00

tomcat9 - security update

2020-07-17 00:00:00

tomcat9 vulnerabilities

2020-10-21 13:55:35

mageia

Updated tomcat packages fix security vulnerability

2020-08-18 21:47:25

freebsd

Apache Tomcat -- Multiple Vulnerabilities

2020-07-05 00:00:00

ibm

Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony

2020-08-17 09:36:06

Security Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities.

2020-10-07 13:46:30

Security Bulletin: IBM UrbanCode Release is affected by CVE-2020-13935

2022-01-25 07:37:12

ubuntu

Tomcat vulnerabilities

2020-10-21 00:00:00

Tomcat vulnerabilities

2020-08-04 00:00:00

prion

Design/Logic Flaw

2020-07-14 15:15:00

Denial of service

2020-07-14 15:15:00

Design/Logic Flaw

2020-09-09 14:15:00

cvelist

CVE-2020-13934

2020-07-14 14:59:11

CVE-2020-13935

2020-07-14 15:00:21

CVE-2020-14384

2020-09-09 13:17:28

K38573130 : Apache Tomcat vulnerability CVE-2020-13934

2020-08-13 00:00:00

K45026834 : Apache Tomcat vulnerability CVE-2020-13935

2020-08-27 00:00:00

nvd

CVE-2020-13934

2020-07-14 15:15:11

CVE-2020-13935

2020-07-14 15:15:11

CVE-2020-14384

2020-09-09 14:15:12

veracode

Denial Of Service (DoS)

2020-07-15 07:48:04

Denial Of Service (DoS)

2020-07-15 08:18:40

Denial-of-Service (DoS)

2020-09-15 01:53:24

cve

CVE-2020-13934

2020-07-14 15:15:11

CVE-2020-13935

2020-07-14 15:15:11

CVE-2020-14384

2020-09-09 14:15:12

ubuntucve

CVE-2020-13934

2020-07-14 00:00:00

CVE-2020-13935

2020-07-14 00:00:00

atlassian

Upgrade the bundled version of Apache Tomcat to 8.5.57

2020-07-17 15:19:11

Upgrade the bundled version of Apache Tomcat to 8.5.57

2020-07-17 15:19:11

Upgrade Tomcat to version 9.0.37

2020-06-29 13:40:00

redhatcve

CVE-2020-13934

2020-07-15 06:08:06

CVE-2020-13935

2020-07-15 06:37:38

CVE-2024-24549

2024-03-14 21:40:09

debiancve

CVE-2020-13934

2020-07-14 15:15:11

CVE-2020-13935

2020-07-14 15:15:11

githubexploit

Exploit for Infinite Loop in Apache Tomcat

2020-11-02 14:48:55

github

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

2022-02-08 22:05:00

Infinite Loop in Apache Tomcat

2022-02-08 22:05:17

centos

tomcat security update

2020-10-20 19:04:26

symantec

Apache Tomcat Vulnerabilities May 2020 - Mar 2021

2021-03-16 19:59:07

oraclelinux

tomcat security and bug fix update

2020-10-06 00:00:00

checkpoint_advisories

Web Servers Memory Corruption Attempt (CVE-2020-12000; CVE-2020-13934; CVE-2020-3239; CVE-2020-9490)

2020-12-28 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Oracle Critical Patch Update Advisory - April 2021

2021-04-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.912 High

EPSS

Percentile

98.9%

JSON

Related for CISA:7E752ED3C4545FF8F72629B02D303E84