Date:      Thu, 23 Jul 2020 14:42:25 +0000 (UTC)
From:      Jochen Neumeister <joneum@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r542934 - head/security/vuxml
Message-ID:  <202007231442.06NEgPeA018140@repo.freebsd.org>

Author: joneum
Date: Thu Jul 23 14:42:25 2020
New Revision: 542934
URL: https://svnweb.freebsd.org/changeset/ports/542934

Log:
  modified the tomcat entry and add CVE-2020-11996
  
  PR:		247555
  Sponsored by:	Netzkommune GmbH

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Jul 23 14:35:31 2020	(r542933)
+++ head/security/vuxml/vuln.xml	Thu Jul 23 14:42:25 2020	(r542934)
@@ -87,6 +87,9 @@ Notes:
 	  <p>The payload length in a WebSocket frame was not correctly validated.
 	    Invalid payload lengths could trigger an infinite loop. Multiple
 	    requests with invalid payload lengths could lead to a denial of service.</p>
+	  <p>A specially crafted sequence of HTTP/2 requests could trigger high CPU
+	    usage for several seconds. If a sufficient number of such requests were
+	    +made on concurrent HTTP/2 connections, the server could become unresponsive.</p>
 	</body>
     </description>
     <references>
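Review bot: the last added line of the new paragraph has a stray literal "+" inside the XML text ("+made on concurrent HTTP/2 connections"), which looks like a leftover from pasting a diff and will show up in the rendered advisory; drop it so the sentence reads "were made on concurrent HTTP/2 connections". Since this paragraph adds a third issue to an existing entry, it is also worth confirming that the entry's affected version ranges (not touched by this hunk) cover the HTTP/2 problem as well as the WebSocket one.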
@@ -94,12 +97,14 @@ Notes:
       <url>https://tomcat.apache.org/security-8.html</url>;
       <url>https://tomcat.apache.org/security-9.html</url>;
       <url>https://tomcat.apache.org/security-10.html</url>;
+      <cvename>CVE-2020-11996</cvename>
       <cvename>CVE-2020-13934</cvename>
       <cvename>CVE-2020-13935</cvename>
     </references>
     <dates>
       <discovery>2020-07-05</discovery>
       <entry>2020-07-23</entry>
+      <modified>2020-07-23</modified>
     </dates>
   </vuln>
 
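Review bot: `<discovery>` stays at 2020-07-05 while CVE-2020-11996 is added to the references, so that single date now stands for three CVEs; check that it is still the earliest disclosure date and move it back if the HTTP/2 issue was announced before the other two. The new `<cvename>` is placed in numeric order and the `<modified>` element is added as expected for a changed entry, so nothing else needs changing in this hunk.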


