
Apache Tomcat HTTP/2 Vulnerability - Oct20 (Windows) CVE-2020-13943

Severity
CVSSv3 Score: 4.3
Vulnerability description

Apache Tomcat is prone to an information disclosure vulnerability in HTTP/2.

Risk description

If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), a subsequent request made on that connection could contain HTTP headers, including HTTP/2 pseudo-headers, from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

Recommendation

Update to version 8.5.58, 9.0.38, 10.0.0-M8 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Oct 12, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available