CVE-2020-13935 : The payload length in a WebSocket frame was not correctly validated in Apache To

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Published 2020-07-14 15:15:11

Updated 2022-05-12 15:01:13

Source Apache Software Foundation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-13935

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Apache » Tomcat
Versions from including (>=) 9.0.1 and up to, including, (<=) 9.0.36
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Matching versions
Apache » Tomcat
Versions from including (>=) 7.0.27 and up to, including, (<=) 7.0.104
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Matching versions
Apache » Tomcat
Versions from including (>=) 8.5.0 and up to, including, (<=) 8.5.56
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone1
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone10
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone11
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone12
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone13
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone14
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone15
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone16
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone17
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone18
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone19
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone2
cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone20
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone21
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone22
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone23
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone24
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone25
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone26
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone27
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone3
cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone4
cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone5
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone6
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone7
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone8
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone9
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 10.0.0 Update Milestone1
cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 10.0.0 Update Milestone2
cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 10.0.0 Update Milestone3
cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 10.0.0 Update Milestone4
cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 10.0.0 Update Milestone5
cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 10.0.0 Update Milestone6
cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*
Matching versions
Oracle » Mysql Enterprise Monitor
Versions up to, including, (<=) 8.0.21
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Matching versions
Oracle » Agile Engineering Data Management » Version: 6.2.1.0
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
Matching versions
Oracle » Siebel Ui Framework
Versions up to, including, (<=) 20.12
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
Matching versions
Oracle » Commerce Guided Search » Version: 11.3.2
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
Matching versions
Oracle » Managed File Transfer » Version: 12.2.1.3.0
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Managed File Transfer » Version: 12.2.1.4.0
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Instantis Enterprisetrack » Version: 17.1
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
Matching versions
Oracle » Instantis Enterprisetrack » Version: 17.2
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
Matching versions
Oracle » Instantis Enterprisetrack » Version: 17.3
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
Matching versions
Oracle » Agile Plm » Version: 9.3.5
cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
Matching versions
Oracle » Agile Plm » Version: 9.3.6
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
Matching versions
Oracle » Agile Plm » Version: 9.3.3
cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Instant Messaging Server » Version: 10.0.1.5.0
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
Matching versions
Oracle » Workload Manager » Version: 12.2.0.1
cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Workload Manager » Version: 18C
cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*
Matching versions
Oracle » Workload Manager » Version: 19C
cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Policy » Version: 1.14.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
Matching versions
Oracle » Fmw Platform » Version: 12.2.1.3.0
cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Fmw Platform » Version: 12.2.1.4.0
cpe:2.3:a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Blockchain Platform
Versions before (<) 21.1.2
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.9.0
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 1
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 2
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 3
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.9.1
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 4
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 5
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 6
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 7
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 8
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 20.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand System Manager
Versions from including (>=) 3.0.0 and up to, including, (<=) 3.1.3
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2020-13935

Top countries where our scanners detected CVE-2020-13935

Top open port discovered on systems with this issue 80

IPs affected by CVE-2020-13935 374,410

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2020-13935!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-13935

EPSS FAQ

91.72%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-13935

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-13935

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-13935

https://www.oracle.com/security-alerts/cpuoct2020.html

Oracle Critical Patch Update Advisory - October 2020
Patch;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4596-1/

USN-4596-1: Tomcat vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuapr2022.html

Oracle Critical Patch Update Advisory - April 2022
Patch;Third Party Advisory

CVEs referencing this url
https://kc.mcafee.com/corporate/index?page=content&id=SB10332

McAfee Security Bulletin - ePolicy Orchestrator update addresses multiple vulnerabilities (CVE-2020-7317, CVE-2020-7318, CVE-2020-13935, CVE-2020-9484, CVE-2020-14621, CVE-2020-14573, CVE-2020-14578,
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

[security-announce] openSUSE-SU-2020:1102-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com//security-alerts/cpujul2021.html

Oracle Critical Patch Update Advisory - July 2021
Patch;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujan2022.html

Oracle Critical Patch Update Advisory - January 2022
Patch;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4448-1/

USN-4448-1: Tomcat vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujan2021.html

Oracle Critical Patch Update Advisory - January 2021
Patch;Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

[SECURITY] [DLA 2286-1] tomcat8 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuApr2021.html

Oracle Critical Patch Update Advisory - April 2021
Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E

[SECURITY] CVE-2020-13935 Apache Tomcat WebSocket Denial of Service - Pony Mail
Mailing List;Release Notes;Vendor Advisory
https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E

Re: Strange crash-on-takeoff, Tomcat 7.0.104 - Pony Mail
Mailing List;Third Party Advisory
https://security.netapp.com/advisory/ntap-20200724-0003/

July 2020 Apache Tomcat Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuoct2021.html

Oracle Critical Patch Update Advisory - October 2021
Not Applicable;Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2020/dsa-4727

Debian -- Security Information -- DSA-4727-1 tomcat9
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

[security-announce] openSUSE-SU-2020:1111-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url