CVE-2020-11996: Uncontrolled Resource Consumption in Apache Tomcat
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
References
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html
- github.com/advisories/GHSA-53hp-jpwq-2jgq
- nvd.nist.gov/vuln/detail/CVE-2020-11996
- security.netapp.com/advisory/ntap-20200709-0002/
- usn.ubuntu.com/4596-1/
- www.debian.org/security/2020/dsa-4727
- www.oracle.com/security-alerts/cpujan2021.html
- www.oracle.com/security-alerts/cpuoct2020.html
Code Behaviors & Features
Detect and mitigate CVE-2020-11996 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →