BIT-tomcat-2020-13943
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2020-13943.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-tomcat-2020-13943
- Aliases
- Published
- 2024-03-06T11:11:40.396Z
- Modified
- 2025-11-06T13:25:46.476Z
- Summary
- [none]
- Details
-
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
- Database specific
{ "cpes": [ "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.51:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.57:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00021.html
- https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html
- https://security.netapp.com/advisory/ntap-20201016-0007/
- https://www.debian.org/security/2021/dsa-4835
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-13943
Affected packages
Bitnami / tomcat
Package
- Name
- tomcat
- Purl
- pkg:bitnami/tomcat
Severity
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced8.5.0Fixed8.5.1Introduced8.5.1Fixed8.5.2Introduced8.5.2Fixed8.5.3Introduced8.5.3Fixed8.5.4Introduced8.5.4Fixed8.5.5Introduced8.5.5Fixed8.5.6Introduced8.5.6Fixed8.5.7Introduced8.5.7Fixed8.5.8Introduced8.5.8Fixed8.5.9Introduced8.5.9Fixed8.5.10Introduced8.5.10Fixed8.5.11Introduced8.5.11Fixed8.5.12Introduced8.5.12Fixed8.5.13Introduced8.5.13Fixed8.5.14Introduced8.5.14Fixed8.5.15Introduced8.5.15Fixed8.5.16Introduced8.5.16Fixed8.5.17Introduced8.5.17Fixed8.5.18Introduced8.5.18Fixed8.5.19Introduced8.5.19Fixed8.5.20Introduced8.5.20Fixed8.5.21Introduced8.5.21Fixed8.5.22Introduced8.5.22Fixed8.5.23Introduced8.5.23Fixed8.5.24Introduced8.5.24Fixed8.5.25Introduced8.5.25Fixed8.5.26Introduced8.5.26Fixed8.5.27Introduced8.5.27Fixed8.5.28Introduced8.5.28Fixed8.5.29Introduced8.5.29Fixed8.5.30Introduced8.5.30Fixed8.5.31Introduced8.5.31Fixed8.5.32Introduced8.5.32Fixed8.5.33Introduced8.5.33Fixed8.5.34Introduced8.5.34Fixed8.5.35Introduced8.5.35Fixed8.5.36Introduced8.5.36Fixed8.5.37Introduced8.5.37Fixed8.5.38Introduced8.5.38Fixed8.5.39Introduced8.5.39Fixed8.5.40Introduced8.5.40Fixed8.5.41Introduced8.5.41Fixed8.5.42Introduced8.5.42Fixed8.5.43Introduced8.5.43Fixed8.5.44Introduced8.5.44Fixed8.5.45Introduced8.5.45Fixed8.5.46Introduced8.5.46Fixed8.5.47Introduced8.5.47Fixed8.5.48Introduced8.5.48Fixed8.5.49Introduced8.5.49Fixed8.5.50Introduced8.5.50Fixed8.5.51Introduced8.5.51Fixed8.5.52Introduced8.5.52Fixed8.5.53Introduced8.5.53Fixed8.5.54Introduced8.5.54Fixed8.5.55Introduced8.5.55Fixed8.5.56Introduced8.5.56Fixed8.5.57Introduced8.5.57Fixed8.5.58Introduced9.0.0Fixed9.0.38