|Category:||Web application abuses|
|Title:||Apache Tomcat HTTP/2 Vulnerability - Oct20 (Windows)|
|Summary:||Apache Tomcat is prone to an information disclosure vulnerability in HTTP/2.|
If an HTTP/2 client exceeded the agreed maximum number of concurrent streams
for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that
connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than
the intended headers. This could lead to users seeing responses for unexpected resources.
Affected versions: Apache Tomcat 8.5.1 to 8.5.57, 9.0.0.M5 to 9.0.37 and 10.0.0-M1 to 10.0.0-M7.
Update to version 8.5.58, 9.0.38, 10.0.0-M8 or later.
Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-13943
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|