Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
| Software | From | Fixed in |
|---|---|---|
| apache / tomcat | 8.5.2 | 8.5.2.x |
| apache / tomcat | 8.5.9 | 8.5.9.x |
| apache / tomcat | 8.5.4 | 8.5.4.x |
| apache / tomcat | 8.5.0 | 8.5.0.x |
| apache / tomcat | 8.5.15 | 8.5.15.x |
| apache / tomcat | 8.5.10 | 8.5.10.x |
| apache / tomcat | 8.5.13 | 8.5.13.x |
| apache / tomcat | 8.5.14 | 8.5.14.x |
| apache / tomcat | 8.5.5 | 8.5.5.x |
| apache / tomcat | 8.5.3 | 8.5.3.x |
| apache / tomcat | 8.5.6 | 8.5.6.x |
| apache / tomcat | 8.5.7 | 8.5.7.x |
| apache / tomcat | 8.5.8 | 8.5.8.x |
| apache / tomcat | 8.5.12 | 8.5.12.x |
| apache / tomcat | 8.5.11 | 8.5.11.x |
| apache / tomcat | 8.5.1 | 8.5.1.x |
| apache / tomcat | 8.5.16 | 8.5.16.x |
| apache / tomcat | 8.5.17 | 8.5.17.x |
| apache / tomcat | 8.5.18 | 8.5.18.x |
| apache / tomcat | 8.5.19 | 8.5.19.x |
| apache / tomcat | 8.5.20 | 8.5.20.x |
| apache / tomcat | 8.5.21 | 8.5.21.x |
| apache / tomcat | 8.5.22 | 8.5.22.x |
| apache / tomcat | 9.0.1 | 9.0.1.x |
| apache / tomcat | 9.0.2 | 9.0.2.x |
| apache / tomcat | 9.0.3 | 9.0.3.x |
| apache / tomcat | 9.0.4 | 9.0.4.x |
| apache / tomcat | 9.0.0-milestone10 | 9.0.0-milestone10.x |
| apache / tomcat | 9.0.0-milestone11 | 9.0.0-milestone11.x |
| apache / tomcat | 9.0.0-milestone12 | 9.0.0-milestone12.x |
| apache / tomcat | 9.0.0-milestone13 | 9.0.0-milestone13.x |
| apache / tomcat | 9.0.0-milestone14 | 9.0.0-milestone14.x |
| apache / tomcat | 9.0.0-milestone15 | 9.0.0-milestone15.x |
| apache / tomcat | 9.0.0-milestone16 | 9.0.0-milestone16.x |
| apache / tomcat | 9.0.0-milestone17 | 9.0.0-milestone17.x |
| apache / tomcat | 9.0.0-milestone18 | 9.0.0-milestone18.x |
| apache / tomcat | 9.0.0-milestone19 | 9.0.0-milestone19.x |
| apache / tomcat | 9.0.0-milestone20 | 9.0.0-milestone20.x |
| apache / tomcat | 9.0.0-milestone21 | 9.0.0-milestone21.x |
| apache / tomcat | 9.0.0-milestone22 | 9.0.0-milestone22.x |
| apache / tomcat | 9.0.0-milestone23 | 9.0.0-milestone23.x |
| apache / tomcat | 9.0.0-milestone24 | 9.0.0-milestone24.x |
| apache / tomcat | 9.0.0-milestone25 | 9.0.0-milestone25.x |
| apache / tomcat | 9.0.0-milestone26 | 9.0.0-milestone26.x |
| apache / tomcat | 9.0.0-milestone27 | 9.0.0-milestone27.x |
| apache / tomcat | 9.0.0-milestone5 | 9.0.0-milestone5.x |
| apache / tomcat | 9.0.0-milestone6 | 9.0.0-milestone6.x |
| apache / tomcat | 9.0.0-milestone7 | 9.0.0-milestone7.x |
| apache / tomcat | 9.0.0-milestone8 | 9.0.0-milestone8.x |
| apache / tomcat | 9.0.0-milestone9 | 9.0.0-milestone9.x |
| apache / tomcat | 10.0.0-milestone3 | 10.0.0-milestone3.x |
| apache / tomcat | 10.0.0-milestone4 | 10.0.0-milestone4.x |
| apache / tomcat | 10.0.0-milestone2 | 10.0.0-milestone2.x |
| apache / tomcat | 10.0.0-milestone1 | 10.0.0-milestone1.x |
| apache / tomcat | 10.0.0-milestone5 | 10.0.0-milestone5.x |
| apache / tomcat | 10.0.0-milestone6 | 10.0.0-milestone6.x |
| apache / tomcat | 9.0.5 | 9.0.5.x |
| apache / tomcat | 9.0.6 | 9.0.6.x |
| apache / tomcat | 9.0.7 | 9.0.7.x |
| apache / tomcat | 9.0.8 | 9.0.8.x |
| apache / tomcat | 9.0.9 | 9.0.9.x |
| apache / tomcat | 9.0.10 | 9.0.10.x |
| apache / tomcat | 9.0.11 | 9.0.11.x |
| apache / tomcat | 9.0.12 | 9.0.12.x |
| apache / tomcat | 9.0.13 | 9.0.13.x |
| apache / tomcat | 9.0.14 | 9.0.14.x |
| apache / tomcat | 9.0.15 | 9.0.15.x |
| apache / tomcat | 9.0.16 | 9.0.16.x |
| apache / tomcat | 9.0.17 | 9.0.17.x |
| apache / tomcat | 9.0.18 | 9.0.18.x |
| apache / tomcat | 9.0.19 | 9.0.19.x |
| apache / tomcat | 9.0.20 | 9.0.20.x |
| apache / tomcat | 9.0.21 | 9.0.21.x |
| apache / tomcat | 9.0.22 | 9.0.22.x |
| apache / tomcat | 9.0.23 | 9.0.23.x |
| apache / tomcat | 9.0.24 | 9.0.24.x |
| apache / tomcat | 9.0.25 | 9.0.25.x |
| apache / tomcat | 9.0.26 | 9.0.26.x |
| apache / tomcat | 9.0.27 | 9.0.27.x |
| apache / tomcat | 9.0.28 | 9.0.28.x |
| apache / tomcat | 9.0.29 | 9.0.29.x |
| apache / tomcat | 9.0.30 | 9.0.30.x |
| apache / tomcat | 9.0.31 | 9.0.31.x |
| apache / tomcat | 9.0.32 | 9.0.32.x |
| apache / tomcat | 9.0.33 | 9.0.33.x |
| apache / tomcat | 9.0.34 | 9.0.34.x |
| apache / tomcat | 9.0.35 | 9.0.35.x |
| apache / tomcat | 9.0.36 | 9.0.36.x |
| apache / tomcat | 9.0.37 | 9.0.37.x |
| apache / tomcat | 10.0.0-milestone7 | 10.0.0-milestone7.x |
| apache / tomcat | 8.5.23 | 8.5.23.x |
| apache / tomcat | 8.5.24 | 8.5.24.x |
| apache / tomcat | 8.5.25 | 8.5.25.x |
| apache / tomcat | 8.5.26 | 8.5.26.x |
| apache / tomcat | 8.5.27 | 8.5.27.x |
| apache / tomcat | 8.5.28 | 8.5.28.x |
| apache / tomcat | 8.5.29 | 8.5.29.x |
| apache / tomcat | 8.5.30 | 8.5.30.x |
| apache / tomcat | 8.5.31 | 8.5.31.x |
| apache / tomcat | 8.5.32 | 8.5.32.x |
| apache / tomcat | 8.5.33 | 8.5.33.x |
| apache / tomcat | 8.5.34 | 8.5.34.x |
| apache / tomcat | 8.5.35 | 8.5.35.x |
| apache / tomcat | 8.5.36 | 8.5.36.x |
| apache / tomcat | 8.5.37 | 8.5.37.x |
| apache / tomcat | 8.5.38 | 8.5.38.x |
| apache / tomcat | 8.5.39 | 8.5.39.x |
| apache / tomcat | 8.5.40 | 8.5.40.x |
| apache / tomcat | 8.5.41 | 8.5.41.x |
| apache / tomcat | 8.5.42 | 8.5.42.x |
| apache / tomcat | 8.5.43 | 8.5.43.x |
| apache / tomcat | 8.5.44 | 8.5.44.x |
| apache / tomcat | 8.5.45 | 8.5.45.x |
| apache / tomcat | 8.5.46 | 8.5.46.x |
| apache / tomcat | 8.5.47 | 8.5.47.x |
| apache / tomcat | 8.5.48 | 8.5.48.x |
| apache / tomcat | 8.5.49 | 8.5.49.x |
| apache / tomcat | 8.5.50 | 8.5.50.x |
| apache / tomcat | 8.5.51 | 8.5.51.x |
| apache / tomcat | 8.5.52 | 8.5.52.x |
| apache / tomcat | 8.5.53 | 8.5.53.x |
| apache / tomcat | 8.5.54 | 8.5.54.x |
| apache / tomcat | 8.5.55 | 8.5.55.x |
| apache / tomcat | 8.5.56 | 8.5.56.x |
| apache / tomcat | 8.5.57 | 8.5.57.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| oracle / instantis_enterprisetrack | 17.1 | 17.1.x |
| oracle / instantis_enterprisetrack | 17.2 | 17.2.x |
| oracle / instantis_enterprisetrack | 17.3 | 17.3.x |
| oracle / sd-wan_edge | 9.0 | 9.0.x |
org.apache.tomcat / tomcat
|
10.0.0-M1 | 10.0.0-M7 |
|
org.apache.tomcat / tomcat
|
9.0.0-M1 | 9.0.37 |
|
org.apache.tomcat / tomcat
|
8.5.0 | 8.5.57 |
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00021.html
- https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html
- https://security.netapp.com/advisory/ntap-20201016-0007/
- https://www.debian.org/security/2021/dsa-4835
- https://www.oracle.com/security-alerts/cpuApr2021.html