HTTP: Apache Tomcat WebSocket Infinite Loop Denial of Service
This signature detects attempts to exploit a known vulnerability against Apache Tomcat WebSocket. A successful attack can result in a denial-of-service condition.
Extended Description
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
Affected Products
Oracle blockchain_platform
References
CVE: CVE-2020-13935
URL: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37
Short Name
HTTP:APACHE:CVE-2020-13935-DOS
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2020-13935 Denial Infinite Loop Service Tomcat WebSocket of
Release Date
09/16/2020
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Mcafee
Opensuse
Oracle
Apache
Netapp
Debian
Canonical
CVSS Score
5.0