--- vuln2.xml	Fri Jun 26 08:39:11 2020
+++ vuln.xml	Fri Jun 26 08:39:29 2020
@@ -60,0 +61,38 @@
+  <vuln vid="4c24249a-b777-11ea-b78f-b42e99a1b9c3">
+    <topic>Apache Tomcat -- HTTP/2 DoS</topic>
+    <affects>
+      <package>
+	<name>tomcat85</name>
+	<range><lt>8.5.55</lt></range>
+      </package>
+      <package>
+	<name>tomcat9</name>
+	<range><lt>9.0.36</lt></range>
+      </package>
+      <package>
+	<name>tomcat-devel</name>
+	<range><lt>10.0.0-M6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Apache Software Foundation reports:</p>
+	<blockquote>
+    <p>CVE-2020-11996: A specially crafted sequence of HTTP/2 requests could trigger high CPU
+usage for several seconds. If a sufficient number of such requests were
+made on concurrent HTTP/2 connections, the server could become unresponsive.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+    <url>http://tomcat.apache.org/security-8.html</url>
+    <url>http://tomcat.apache.org/security-9.html</url>
+    <url>http://tomcat.apache.org/security-10.html</url>
+      <cvename>CVE-2020-11996</cvename>
+   </references>
+    <dates>
+      <discovery>2020-06-07</discovery>
+      <entry>2020-06-26</entry>
+    </dates>
+  </vuln>
+