CVSS: 7.5EPSS: 92%CPEs: 74EXPL: 2CVE-2020-13935 – tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
https://notcve.org/view.php?id=CVE-2020-13935
14 Jul 2020 — The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. La longitud de la carga útil en una trama de WebSocket no fue comprobada correctamente en Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M6, versiones 9.0.0.M1 hasta 9.0.36, versiones 8.5.0 hasta 8.5.56 y v... • https://github.com/RedTeamPentesting/CVE-2020-13935 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 55%CPEs: 54EXPL: 0CVE-2020-13934 – tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS
https://notcve.org/view.php?id=CVE-2020-13934
14 Jul 2020 — An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. Una conexión directa h2c a Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M6, versiones 9.0.0.M5 hasta 9.0.36 y versiones 8.5.1 hasta 8.5.56, no publicó el procesador HTTP/1.1 después de la actualización a HTTP/2. Si un ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 93%CPEs: 77EXPL: 19CVE-2020-9484 – tomcat: deserialization flaw in session persistence storage leading to RCE
https://notcve.org/view.php?id=CVE-2020-9484
20 May 2020 — When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d)... • https://packetstorm.news/files/id/157924 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 7%CPEs: 27EXPL: 1CVE-2020-11655 – Gentoo Linux Security Advisory 202007-26
https://notcve.org/view.php?id=CVE-2020-11655
09 Apr 2020 — SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. SQLite versiones hasta 3.31.1, permite a atacantes causar una denegación de servicio (fallo de segmentación) por medio de una consulta de una función de window malformada porque la inicialización el objeto AggInfo es manejada inapropiadamente. It was discovered that SQLite incorrectly handled certain corrupted schemas. An at... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-665: Improper Initialization •
CVSS: 6.1EPSS: 15%CPEs: 24EXPL: 0CVE-2020-1927 – httpd: mod_rewrite configurations vulnerable to open redirect
https://notcve.org/view.php?id=CVE-2020-1927
01 Apr 2020 — In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. En Apache HTTP Server versiones 2.4.0 hasta 2.4.41, los redireccionamientos configurados con mod_rewrite que pretendían ser autorreferenciales podrían ser engañados por nuevas líneas codificadas y redireccionadas en lugar de una URL inesperada dentro de la URL de petición. A flaw was fou... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 38%CPEs: 21EXPL: 0CVE-2020-1934 – httpd: mod_proxy_ftp use of uninitialized value
https://notcve.org/view.php?id=CVE-2020-1934
01 Apr 2020 — In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. En Apache HTTP Server versiones 2.4.0 hasta 2.4.41, mod_proxy_ftp puede usar memoria no inicializada cuando al enviar un proxy hacia un servidor FTP malicioso. A flaw was found in Apache's HTTP server (httpd) .The mod_proxy_ftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality. Red Hat JBoss... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 94%CPEs: 38EXPL: 40CVE-2020-1938 – Apache Tomcat Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2020-1938
24 Feb 2020 — When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected... • https://packetstorm.news/files/id/180825 • CWE-285: Improper Authorization •
CVSS: 5.8EPSS: 1%CPEs: 60EXPL: 0CVE-2020-1935 – tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
https://notcve.org/view.php?id=CVE-2020-1935
24 Feb 2020 — In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. En Apache Tomcat versiones 9.0.0.M1 hasta 9.0.30, versiones 8.5.0 hasta 8.5.50 y... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.8EPSS: 9%CPEs: 25EXPL: 0CVE-2019-17569 – tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling
https://notcve.org/view.php?id=CVE-2019-17569
24 Feb 2020 — The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. La refactorización presente en Apache Tomcat versiones 9.0.28 ha... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 6%CPEs: 8EXPL: 0CVE-2019-0219
https://notcve.org/view.php?id=CVE-2019-0219
14 Jan 2020 — A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. Un sitio web ejecutado en la vista web de InAppBrowser en Android podría ejecutar JavaScript arbitrario en la vista web de la aplicación principal usando un URI gap-iab: especialmente diseñado. • http://www.openwall.com/lists/oss-security/2019/11/28/1 •