Lucene search
Redhat.comRH:CVE-2020-11996HistoryJun 26, 2020 - 1:50 p.m.
CVE-2020-11996
2020-06-2613:50:58
redhat.com
access.redhat.com
23
0.002 Low
EPSS
Percentile
55.8%
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
References
mail-archives.apache.org/mod_mbox/tomcat-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E
tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6
tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56
tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36
bugzilla.redhat.com/show_bug.cgi?id=1851420
nvd.nist.gov/vuln/detail/CVE-2020-11996
www.cve.org/CVERecord?id=CVE-2020-11996
Related
tomcat
tomcat
Fixed in Apache Tomcat 8.5.56
2020-06-07 00:00:00
Fixed in Apache Tomcat 9.0.36
2020-06-07 00:00:00
Fixed in Apache Tomcat 10.0.0-M6
2020-06-07 00:00:00
cve
cve
CVE-2020-11996
2020-06-26 17:15:10
kaspersky
kaspersky
KLA11823 CPU usage vulnerability in Apache Tomcat
2020-06-07 00:00:00
nessus
nessus
Photon OS 1.0: Apache PHSA-2020-1.0-0308
2020-07-15 00:00:00
openSUSE Security Update : tomcat (openSUSE-2020-1051)
2020-07-27 00:00:00
Apache Tomcat 10.0.0.M1 < 10.0.0.M6
2021-06-21 00:00:00
prion
prion
Code injection
2020-06-26 17:15:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:1841-1)
2021-04-19 00:00:00
Apache Tomcat DoS Vulnerability (Jun 2020) - Linux
2020-06-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1962-1)
2021-06-09 00:00:00
cvelist
cvelist
CVE-2020-11996
2020-06-26 16:27:20
suse
suse
Security update for tomcat (important)
2020-07-23 00:00:00
Security update for tomcat (important)
2020-07-26 00:00:00
osv
osv
BIT-tomcat-2020-11996
2024-03-06 11:11:51
Uncontrolled Resource Consumption in Apache Tomcat
2022-02-09 23:01:22
CVE-2020-11996
2020-06-26 17:15:10
github
github
Uncontrolled Resource Consumption in Apache Tomcat
2022-02-09 23:01:22
archlinux
archlinux
[ASA-202006-16] tomcat8: denial of service
2020-06-28 00:00:00
ubuntucve
ubuntucve
CVE-2020-11996
2020-06-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-06-26 07:34:58
nvd
nvd
CVE-2020-11996
2020-06-26 17:15:10
redhat
redhat
(RHSA-2020:5173) Moderate: Red Hat JBoss Web Server 5.4 security release
2020-11-23 12:01:21
(RHSA-2020:5170) Moderate: Red Hat JBoss Web Server 5.4 security release
2020-11-23 12:00:02
ibm
ibm
cisa
cisa
Apache Releases Security Advisory for Apache Tomcat
2020-06-26 00:00:00
f5
f5
K19240391 : Apache Tomcat vulnerability CVE-2020-11996
2020-07-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Denial of Service (CVE-2020-11996)
2021-11-14 00:00:00
debiancve
debiancve
CVE-2020-11996
2020-06-26 17:15:10
debian
debian
[SECURITY] [DLA 2279-1] tomcat8 security update
2020-07-12 21:11:35
[SECURITY] [DSA 4627-1] tomcat9 security update
2020-07-17 18:07:40
photon
photon
Important Photon OS Security Update - PHSA-2020-0114
2020-07-16 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0308
2020-07-15 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0114
2020-07-16 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2020-08-18 21:47:25
atlassian
atlassian
Upgrade Tomcat to version 9.0.37
2020-06-29 13:40:00
Upgrade Tomcat to version 9.0.37
2020-06-29 13:40:00
Upgrade the bundled version of Apache Tomcat to 8.5.57
2020-07-17 15:19:11
attackerkb
attackerkb
CVE-2020-1938
2020-02-24 00:00:00
freebsd
freebsd
Apache Tomcat -- Multiple Vulnerabilities
2020-07-05 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2020-10-21 00:00:00
symantec
symantec
Apache Tomcat Vulnerabilities May 2020 - Mar 2021
2021-03-16 19:59:07
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00