Test Kennung:	1.3.6.1.4.1.25623.1.0.144736
Kategorie:	Web Servers
Titel:	Apache Tomcat HTTP/2 Vulnerability (Oct 2020) - Windows
Zusammenfassung:	Apache Tomcat is prone to an information disclosure vulnerability in HTTP/2.
Beschreibung:	Summary: Apache Tomcat is prone to an information disclosure vulnerability in HTTP/2. Vulnerability Insight: If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. Affected Software/OS: Apache Tomcat 8.5.1 to 8.5.57, 9.0.0.M5 to 9.0.37 and 10.0.0-M1 to 10.0.0-M7. Solution: Update to version 8.5.58, 9.0.38, 10.0.0-M8 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-13943 https://security.netapp.com/advisory/ntap-20201016-0007/ Debian Security Information: DSA-4835 (Google Search) https://www.debian.org/security/2021/dsa-4835 https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E https://www.oracle.com/security-alerts/cpuApr2021.html https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html SuSE Security Announcement: openSUSE-SU-2020:1799 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html SuSE Security Announcement: openSUSE-SU-2020:1842 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00021.html
Copyright	Copyright (C) 2020 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.