CVE-2020-13935 – The payload length in a WebSocket frame was not correctly validated in Ap

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

Reference (s):

• https://kc.mcafee.com/corporate/index?page=content&id=SB10332
• URL: https://kc.mcafee.com/corporate/index?page=content&id=SB10332
• https://security.netapp.com/advisory/ntap-20200724-0003/
• URL: https://security.netapp.com/advisory/ntap-20200724-0003/
• DEBIAN:DSA-4727