-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2020-13935 - WebSocket Frame Payload Length Validation Denial of Service #11019
Comments
/bounty $50 |
💎 $50 bounty • ProjectDiscovery Bounty Available for CVE Template ContributionSteps to Contribute:
Thank you for contributing to projectdiscovery/nuclei-templates and helping us democratize security!
Add a bounty • Share on socials
|
/attempt #11019 Options |
@m4lwhere: Reminder that in 4 days the bounty will become up for grabs, so please submit a pull request before then 🙏 |
The bounty is up for grabs! Everyone is welcome to |
/attempt #11019 Options |
@sachinks07: Reminder that in 4 days the bounty will become up for grabs, so please submit a pull request before then 🙏 |
The bounty is up for grabs! Everyone is welcome to |
/attempt #11019
|
/attempt #11002 Options |
💡 @sttlr submitted a pull request that claims the bounty. You can visit your bounty board to reward. |
@sttlr: You've been awarded a $50 bounty by projectdiscovery! 👉 Complete your Algora onboarding to collect the bounty. |
Is there an existing template for this?
Template requests
Title: CVE-2020-13935 - WebSocket Frame Payload Length Validation Denial of Service
Description:
Apache Tomcat versions 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104 contain a vulnerability in the WebSocket module where the payload length of WebSocket frames is not correctly validated. This can lead to an infinite loop when processing frames with invalid payload lengths. Attackers can exploit this flaw by sending multiple malicious requests, resulting in a denial of service (DoS) on the affected Tomcat instance.
Severity:
High (CVSS: 7.5, Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H])
POC:
References:
Shodan Query:
html:"Apache Tomcat"
CPE:
cpe:2.3:a:apache:tomcat::::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:::::::*
cpe:2.3:a:apache:tomcat:10.0.0:milestone1:::::::*
Anything else?
No response
The text was updated successfully, but these errors were encountered: