08-11-2020 10:46 AM
Hello team,
I was informed by our security team that the CSPC server hosted in our internal network has a vulnerability:
- Apache Tomcat WebSocket Denial of Service Vulnerability
We are using CSPC version 2.8.1.8. How can I fix this vulnerability?
08-12-2020 09:57 AM
08-12-2020 11:48 AM
Hello Justin,
According to our security team, the CVE is this:
WebSocket DoS CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
Thanks,
Frank
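An added example, not part of the thread and not Tomcat's or Cisco's code: a strict check of the WebSocket payload-length field named in the CVE text above, following the length rules of RFC 6455 section 5.2. The function name, the 1 MiB limit and the sample header are assumptions; the thread does not say which invalid lengths Tomcat mishandled.

```python
import struct

MAX_FRAME_PAYLOAD = 1 << 20  # assumed application limit (1 MiB), not a Tomcat setting


class FrameError(ValueError):
    """Raised when a frame header violates RFC 6455 section 5.2."""


def parse_payload_length(buf: bytes, max_len: int = MAX_FRAME_PAYLOAD):
    """Return (payload_length, header_size), or None if more bytes are needed.

    Raises FrameError rather than returning a length the caller cannot trust,
    so a read loop built on this either advances or closes the connection.
    """
    if len(buf) < 2:
        return None
    masked = bool(buf[1] & 0x80)   # top bit of the second byte is MASK
    len7 = buf[1] & 0x7F           # low 7 bits select the length encoding
    if len7 < 126:
        length, size = len7, 2
    elif len7 == 126:
        if len(buf) < 4:
            return None
        (length,) = struct.unpack("!H", buf[2:4])
        if length < 126:
            raise FrameError("non-minimal 16-bit length encoding")
        size = 4
    else:
        if len(buf) < 10:
            return None
        (length,) = struct.unpack("!Q", buf[2:10])
        if length >> 63:
            raise FrameError("most significant bit of 64-bit length must be 0")
        if length <= 0xFFFF:
            raise FrameError("non-minimal 64-bit length encoding")
        size = 10
    if length > max_len:
        raise FrameError("payload length exceeds configured limit")
    # A masked frame carries a 4-byte masking key after the length field.
    return length, size + (4 if masked else 0)


# Constructed sample: FIN + text opcode, MASK set, 5-byte payload, zero masking key.
SAMPLE_HEADER = bytes([0x81, 0x85]) + b"\x00\x00\x00\x00"

if __name__ == "__main__":
    print(parse_payload_length(SAMPLE_HEADER))
```
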
08-13-2020 11:12 AM
I've just confirmed that there are a number of discussions already in progress about this and other related CVEs for this Tomcat concern. I'll be able to follow up once some specifics are made available.
08-18-2020 01:32 PM