Severity Rating: High
Software Affected
· Apache Tomcat 10.0.0-M1 to 10.0.0-M5
· Apache Tomcat 9.0.0.M1 to 9.0.35
· Apache Tomcat 8.5.0 to 8.5.55
Overview
A vulnerability has been reported in Apache Tomcat that could allow an
attacker to cause a denial of service (DoS) condition on the target system.
Description
This vulnerability exists in the HTTP/2 implementation of Apache Tomcat. A
specially crafted sequence of HTTP/2 requests sent to the server can trigger
high CPU usage for several seconds. If enough such requests are made on
concurrent HTTP/2 connections, the server can become unresponsive. Only
connectors on which HTTP/2 has been enabled (via an UpgradeProtocol element
in server.xml) expose this code path; a Tomcat instance serving HTTP/1.1
only is not reachable through this vulnerability.
Successful exploitation of this vulnerability could allow the attacker to
cause a denial of service (DoS) condition on the target system.
Solution
Upgrade to a fixed Apache Tomcat release for the branch in use, i.e. the
first release after each affected range (10.0.0-M6, 9.0.36 or 8.5.56) or
later:
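The following is an added example, not part of the CERT-In advisory or of the Apache Tomcat project, showing how to check a deployed Tomcat version against the affected ranges listed above. The function names (parse_version, is_affected, upgrade_target, check_version_sh) are hypothetical, the sample version.sh output is constructed, and the "first fixed" releases are assumed to be the next build after each affected range.

```python
import re
from typing import Optional, Tuple

# Version key: (major, minor, patch, ga_flag, milestone). Milestone builds
# (9.0.0.M1, 10.0.0-M5) get ga_flag=0 so they sort before the GA build with
# the same numbers; GA builds get ga_flag=1 and milestone=0.
VersionKey = Tuple[int, int, int, int, int]

# Matches "9.0.35", "9.0.35.0", "9.0.0.M1" and "10.0.0-M5".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")


def parse_version(text: str) -> Optional[VersionKey]:
    """Extract a Tomcat version from a banner such as 'Apache Tomcat/9.0.35',
    a bare '10.0.0-M5', or the 'Server number: 9.0.35.0' line of version.sh."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    milestone = m.group(4)
    if milestone is not None:
        return (major, minor, patch, 0, int(milestone))
    return (major, minor, patch, 1, 0)


# Affected ranges exactly as listed in the advisory, keyed by branch.
AFFECTED = {
    (10, 0): (parse_version("10.0.0-M1"), parse_version("10.0.0-M5")),
    (9, 0): (parse_version("9.0.0.M1"), parse_version("9.0.35")),
    (8, 5): (parse_version("8.5.0"), parse_version("8.5.55")),
}

# Assumption: the first fixed release is the next build on each branch.
FIRST_FIXED = {(10, 0): "10.0.0-M6", (9, 0): "9.0.36", (8, 5): "8.5.56"}


def is_affected(text: str) -> bool:
    """True if the version found in text falls inside an affected range.
    Branches not listed in the advisory (e.g. 8.0.x, 7.0.x) return False."""
    v = parse_version(text)
    if v is None:
        return False
    rng = AFFECTED.get(v[:2])
    return rng is not None and rng[0] <= v <= rng[1]


def upgrade_target(text: str) -> Optional[str]:
    """Return the first fixed release for the branch, or None if not affected."""
    v = parse_version(text)
    if v is None or not is_affected(text):
        return None
    return FIRST_FIXED[v[:2]]


def check_version_sh(output: str) -> Tuple[Optional[str], bool]:
    """Read the 'Server version:' banner from version.sh output and check it.
    Returns (banner, affected); banner is None if no such line was found."""
    for line in output.splitlines():
        if line.startswith("Server version:"):
            banner = line.split(":", 1)[1].strip()
            return banner, is_affected(banner)
    return None, False


# Constructed sample of $CATALINA_HOME/bin/version.sh output (not real output).
SAMPLE_VERSION_SH = """\
Using CATALINA_BASE:   /opt/tomcat
Using CATALINA_HOME:   /opt/tomcat
Server version: Apache Tomcat/9.0.35
Server number:  9.0.35.0
OS Name:        Linux
"""

if __name__ == "__main__":
    banner, affected = check_version_sh(SAMPLE_VERSION_SH)
    status = "affected" if affected else "not affected"
    print(f"{banner}: {status}; upgrade to {upgrade_target(banner or '')}")
```

The check is version-based only. Whether a vulnerable version is actually exposed depends on HTTP/2 being enabled, so pair this with a look at the Connector elements in server.xml for an UpgradeProtocol child (className org.apache.coyote.http2.Http2Protocol); connectors without it serve HTTP/1.1 only.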
Vendor Information
Apache Tomcat
References
Apache Tomcat
RedHat
CVE Name
CVE-2020-11996
About Cert Advisory
We have created this blog to provide the latest security advisories from CERT-In on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.