Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2020-13935
Severity
7.5HIGH
EPSS
91.7%
top 0.31%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
PublishedJul 14
Latest updateFeb 8
Description
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages21 packages
▶CVEListV5apache_tomcatApache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, 7.0.27 to 7.0.104
Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 16.04, 20.04
Patches
🔴Vulnerability Details
6💥Exploits & PoCs
1Nuclei▶
Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service
📋Vendor Advisories
10Oracle▶
Oracle Oracle Commerce Risk Matrix: Endeca Application Controller (Apache Tomcat) — CVE-2020-13935↗2022-01-15
Oracle▶
Oracle Oracle Supply Chain Risk Matrix: Installation Issues (Apache Tomcat) — CVE-2020-13935↗2021-07-15
Oracle▶
Oracle Oracle Fusion Middleware Risk Matrix: MFT Runtime Server (Apache Tomcat) — CVE-2020-13935↗2021-01-15
Oracle▶
Oracle Oracle Database Server Risk Matrix: Workload Manager (Apache Tomcat) — CVE-2020-13935↗2020-10-15
💬Community
3Bugzilla▶
CVE-2020-14384 jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS↗2020-09-02
Bugzilla▶
CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS [fedora-all]↗2020-08-10
Bugzilla▶
CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS↗2020-07-15