FreeBSD Bugzilla – Attachment 215954 Details for
Bug 247555
security/vuxml tomcat vulnerability CVE-2020-11996
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for vuxml to include tomcat CVE-2020-11996
tomcat.diff (text/plain), 1.28 KB, created by
rob2g2
on 2020-06-26 06:42:31 UTC
(
hide
)
Description:
patch for vuxml to include tomcat CVE-2020-11996
Filename:
MIME Type:
Creator:
rob2g2
Created:
2020-06-26 06:42:31 UTC
Size:
1.28 KB
patch
obsolete
>--- vuln2.xml Fri Jun 26 08:39:11 2020 >+++ vuln.xml Fri Jun 26 08:39:29 2020 >@@ -60,0 +61,38 @@ >+ <vuln vid="4c24249a-b777-11ea-b78f-b42e99a1b9c3"> >+ <topic>Apache Tomcat -- HTTP/2 DoS</topic> >+ <affects> >+ <package> >+ <name>tomcat85</name> >+ <range><lt>8.5.55</lt></range> >+ </package> >+ <package> >+ <name>tomcat9</name> >+ <range><lt>9.0.36</lt></range> >+ </package> >+ <package> >+ <name>tomcat-devel</name> >+ <range><lt>10.0.0-M6</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>The Apache Software Foundation reports:</p> >+ <blockquote> >+ <p>CVE-2020-11996: A specially crafted sequence of HTTP/2 requests could trigger high CPU >+usage for several seconds. If a sufficient number of such requests were >+made on concurrent HTTP/2 connections, the server could become unresponsive.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>http://tomcat.apache.org/security-8.html</url> >+ <url>http://tomcat.apache.org/security-9.html</url> >+ <url>http://tomcat.apache.org/security-10.html</url> >+ <cvename>CVE-2020-11996</cvename> >+ </references> >+ <dates> >+ <discovery>2020-06-07</discovery> >+ <entry>2020-06-26</entry> >+ </dates> >+ </vuln> >+
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 247555
: 215954