svn commit: r542934 - head/security/vuxml
Jochen Neumeister
joneum at FreeBSD.org
Thu Jul 23 14:42:26 UTC 2020
Author: joneum
Date: Thu Jul 23 14:42:25 2020
New Revision: 542934
URL: https://svnweb.freebsd.org/changeset/ports/542934
Log:
modified the tomcat entry and added CVE-2020-11996
PR: 247555
Sponsored by: Netzkommune GmbH
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jul 23 14:35:31 2020 (r542933)
+++ head/security/vuxml/vuln.xml Thu Jul 23 14:42:25 2020 (r542934)
@@ -87,6 +87,9 @@ Notes:
<p>The payload length in a WebSocket frame was not correctly validated.
Invalid payload lengths could trigger an infinite loop. Multiple
requests with invalid payload lengths could lead to a denial of service.</p>
+ <p>A specially crafted sequence of HTTP/2 requests could trigger high CPU
+ usage for several seconds. If a sufficient number of such requests were
+ +made on concurrent HTTP/2 connections, the server could become unresponsive.</p>
</body>
</description>
<references>
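Review bot: The third added line of the new HTTP/2 paragraph begins with a literal "+" in front of "made on concurrent HTTP/2 connections", so that character becomes part of the advisory text inside the <p> element. It looks like a leftover from pasting a diff; remove it so the sentence reads "If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive."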
@@ -94,12 +97,14 @@ Notes:
<url>https://tomcat.apache.org/security-8.html</url>
<url>https://tomcat.apache.org/security-9.html</url>
<url>https://tomcat.apache.org/security-10.html</url>
+ <cvename>CVE-2020-11996</cvename>
<cvename>CVE-2020-13934</cvename>
<cvename>CVE-2020-13935</cvename>
</references>
<dates>
<discovery>2020-07-05</discovery>
<entry>2020-07-23</entry>
+ <modified>2020-07-23</modified>
</dates>
</vuln>
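Review bot: Adding <cvename>CVE-2020-11996</cvename> attaches the HTTP/2 issue to this entry's existing <discovery>2020-07-05</discovery> date, and the patch changes only the description, references and dates, with no version ranges touched. Please confirm that the discovery date and the entry's affected ranges also apply to CVE-2020-11996; if that issue was fixed in different Tomcat releases than CVE-2020-13934 and CVE-2020-13935, it needs its own ranges or a separate entry. Recording the revision with <modified>2020-07-23</modified> is fine as is.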