The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.92155.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a Apache Tomcat affected
Version Status Constraints
Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, 7.0.27 to 7.0.104 affected

Configuration 1 [-]

OR cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*
Package CPE Advisory Released Date
EAP 6.4.24 release
cpe:/a:redhat:jboss_enterprise_application_platform:6 RHSA-2022:5458 2022-06-30T00:00:00Z
Red Hat Enterprise Linux 7
tomcat-0:7.0.76-15.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:4004 2020-09-29T00:00:00Z
Red Hat Fuse 7.9
tomcat cpe:/a:redhat:jboss_fuse:7 RHSA-2021:3140 2021-08-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 async
jbossweb cpe:/a:redhat:jboss_enterprise_application_platform:6.4 RHSA-2020:3382 2020-08-10T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5
jbossweb-0:7.5.31-2.Final_redhat_2.1.ep6.el5 cpe:/a:redhat:jboss_enterprise_application_platform:6::el5 RHSA-2020:3383 2020-08-10T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
jbossweb-0:7.5.31-2.Final_redhat_2.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2020:3383 2020-08-10T00:00:00Z
jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el6 cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 RHSA-2022:5459 2022-06-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
jbossweb-0:7.5.31-2.Final_redhat_2.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2020:3383 2020-08-10T00:00:00Z
jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el7 cpe:/a:redhat:jboss_enterprise_application_platform:6::el7 RHSA-2022:5460 2022-06-30T00:00:00Z
Red Hat JBoss Web Server 3.1
tomcat cpe:/a:redhat:jboss_enterprise_web_server:3.1 RHSA-2020:3305 2020-08-04T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 6
tomcat7-0:7.0.70-41.ep7.el6 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6 RHSA-2020:3303 2020-08-04T00:00:00Z
tomcat8-0:8.0.36-45.ep7.el6 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6 RHSA-2020:3303 2020-08-04T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
tomcat7-0:7.0.70-41.ep7.el7 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7 RHSA-2020:3303 2020-08-04T00:00:00Z
tomcat8-0:8.0.36-45.ep7.el7 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7 RHSA-2020:3303 2020-08-04T00:00:00Z
Red Hat JBoss Web Server 5.3 on RHEL 6
jws5-tomcat-0:9.0.30-5.redhat_6.1.el6jws cpe:/a:redhat:jboss_enterprise_web_server:5.3::el6 RHSA-2020:3306 2020-08-04T00:00:00Z
Red Hat JBoss Web Server 5.3 on RHEL 7
jws5-tomcat-0:9.0.30-5.redhat_6.1.el7jws cpe:/a:redhat:jboss_enterprise_web_server:5.3::el7 RHSA-2020:3306 2020-08-04T00:00:00Z
Red Hat JBoss Web Server 5.3 on RHEL 8
jws5-tomcat-0:9.0.30-5.redhat_6.1.el8jws cpe:/a:redhat:jboss_enterprise_web_server:5.3::el8 RHSA-2020:3306 2020-08-04T00:00:00Z
Red Hat JBoss Web Server (JWS) 5.3
tomcat cpe:/a:redhat:jboss_enterprise_web_server:5.3 RHSA-2020:3308 2020-08-04T00:00:00Z
Red Hat Runtimes Spring Boot 2.2.6
tomcat cpe:/a:redhat:openshift_application_runtimes:1.0 RHSA-2020:3806 2020-09-23T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Apache Subscribe
Tomcat Subscribe
Canonical Subscribe
Ubuntu Linux Subscribe
Debian Subscribe
Debian Linux Subscribe
Mcafee Subscribe
Epolicy Orchestrator Subscribe
Netapp Subscribe
Oncommand System Manager Subscribe
Opensuse Subscribe
Leap Subscribe
Oracle Subscribe
Agile Engineering Data Management Subscribe
Agile Plm Subscribe
Blockchain Platform Subscribe
Commerce Guided Search Subscribe
Communications Cloud Native Core Policy Subscribe
Communications Instant Messaging Server Subscribe
Fmw Platform Subscribe
Instantis Enterprisetrack Subscribe
Managed File Transfer Subscribe
Mysql Enterprise Monitor Subscribe
Siebel Ui Framework Subscribe
Workload Manager Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Jboss Enterprise Application Platform Subscribe
Jboss Enterprise Web Server Subscribe
Jboss Fuse Subscribe
Openshift Application Runtimes Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-2286-1 tomcat8 security update
Github GHSA Github GHSA GHSA-m7jv-hq7h-mq7c Infinite Loop in Apache Tomcat
Ubuntu USN Ubuntu USN USN-4448-1 Tomcat vulnerabilities
Ubuntu USN Ubuntu USN USN-4596-1 Tomcat vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html cve-icon cve-icon
http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E cve-icon
http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7 cve-icon
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105 cve-icon
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57 cve-icon
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37 cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10332 cve-icon cve-icon
https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50%40%3Cusers.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-13935 cve-icon
https://security.netapp.com/advisory/ntap-20200724-0003/ cve-icon cve-icon
https://usn.ubuntu.com/4448-1/ cve-icon cve-icon
https://usn.ubuntu.com/4596-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-13935 cve-icon
https://www.debian.org/security/2020/dsa-4727 cve-icon cve-icon
https://www.oracle.com//security-alerts/cpujul2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuApr2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2021.html cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-04T12:32:14.307Z

Reserved: 2020-06-08T00:00:00

Link: CVE-2020-13935

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-14T15:15:11.070

Modified: 2024-11-21T05:02:10.907

Link: CVE-2020-13935

cve-icon Redhat

Severity : Important

Publid Date: 2020-07-15T00:00:00Z

Links: CVE-2020-13935 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses