Attachment 215954 Details for Bug 247555 – patch for vuxml to include tomcat CVE-2020-11996

[patch] patch for vuxml to include tomcat CVE-2020-11996

tomcat.diff (text/plain), 1.28 KB, created by rob2g2 on 2020-06-26 06:42:31 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: rob2g2

Created: 2020-06-26 06:42:31 UTC

Size: 1.28 KB

patch

obsolete

>--- vuln2.xml	Fri Jun 26 08:39:11 2020
>+++ vuln.xml	Fri Jun 26 08:39:29 2020
>@@ -60,0 +61,38 @@
>+  <vuln vid="4c24249a-b777-11ea-b78f-b42e99a1b9c3">
>+    <topic>Apache Tomcat -- HTTP/2 DoS</topic>
>+    <affects>
>+      <package>
>+	<name>tomcat85</name>
>+	<range><lt>8.5.55</lt></range>
>+      </package>
>+      <package>
>+	<name>tomcat9</name>
>+	<range><lt>9.0.36</lt></range>
>+      </package>
>+      <package>
>+	<name>tomcat-devel</name>
>+	<range><lt>10.0.0-M6</lt></range>
>+      </package>
>+    </affects>
>+    <description>
>+      <body xmlns="http://www.w3.org/1999/xhtml">
>+	<p>The Apache Software Foundation reports:</p>
>+	<blockquote>
>+    <p>CVE-2020-11996: A specially crafted sequence of HTTP/2 requests could trigger high CPU
>+usage for several seconds. If a sufficient number of such requests were
>+made on concurrent HTTP/2 connections, the server could become unresponsive.</p>
>+	</blockquote>
>+      </body>
>+    </description>
>+    <references>
>+    <url>http://tomcat.apache.org/security-8.html</url>
>+    <url>http://tomcat.apache.org/security-9.html</url>
>+    <url>http://tomcat.apache.org/security-10.html</url>
>+      <cvename>CVE-2020-11996</cvename>
>+   </references>
>+    <dates>
>+      <discovery>2020-06-07</discovery>
>+      <entry>2020-06-26</entry>
>+    </dates>
>+  </vuln>
>+

Actions: View | Diff

Attachments on bug 247555: 215954