Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-13935 - WebSocket Frame Payload Length Validation Denial of Service #11019

Open
1 task done
princechaddha opened this issue Oct 16, 2024 · 13 comments
Open
1 task done
Assignees
Labels
💎 Bounty template-requests Request for new Nuclei templates to be created

Comments

@princechaddha
Copy link
Member

princechaddha commented Oct 16, 2024

Is there an existing template for this?

  • I have searched the existing templates.

Template requests

Title: CVE-2020-13935 - WebSocket Frame Payload Length Validation Denial of Service

Description:
Apache Tomcat versions 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104 contain a vulnerability in the WebSocket module where the payload length of WebSocket frames is not correctly validated. This can lead to an infinite loop when processing frames with invalid payload lengths. Attackers can exploit this flaw by sending multiple malicious requests, resulting in a denial of service (DoS) on the affected Tomcat instance.

Severity:
High (CVSS: 7.5, Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H])

POC:

References:

Shodan Query:
html:"Apache Tomcat"

CPE:
cpe:2.3:a:apache:tomcat::::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:::::::*
cpe:2.3:a:apache:tomcat:10.0.0:milestone1:::::::*

Anything else?

No response

@princechaddha princechaddha added the template-requests Request for new Nuclei templates to be created label Oct 16, 2024
@princechaddha
Copy link
Member Author

/bounty $50

Copy link

algora-pbc bot commented Oct 16, 2024

💎 $50 bounty • ProjectDiscovery Bounty Available for CVE Template Contribution

Steps to Contribute:

  • Claim attempt: Comment /attempt #11019 on this issue to claim attempt.
  • Write the Template: Create a high-quality Nuclei template for the specified CVE, following our Contribution Guidelines and Acceptance Criteria.
  • Submit the Template: Open a pull request (PR) to projectdiscovery/nuclei-templates and include /claim #11019 in the PR body to claim the bounty.
  • Receive Payment: Upon successful merge of your PR, you will receive 100% of the bounty through Algora.io within 2-5 days. Ensure you are eligible for payouts.

Thank you for contributing to projectdiscovery/nuclei-templates and helping us democratize security!

Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(-debug) along with the template to help the triage team with validation. Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.

Add a bountyShare on socials

Attempt Started (GMT+0) Solution
🔴 @m4lwhere Oct 21, 2024, 6:19:06 PM WIP
🔴 @sachinks07 Oct 29, 2024, 7:10:32 PM WIP
🟢 @sttlr Nov 7, 2024, 8:27:27 AM #11164
🔴 @Harsh9485 Nov 7, 2024, 12:15:31 PM WIP

@m4lwhere
Copy link

m4lwhere commented Oct 21, 2024

/attempt #11019

Copy link

algora-pbc bot commented Oct 25, 2024

@m4lwhere: Reminder that in 4 days the bounty will become up for grabs, so please submit a pull request before then 🙏

Copy link

algora-pbc bot commented Oct 29, 2024

The bounty is up for grabs! Everyone is welcome to /attempt #11019 🙌

@sachinks07
Copy link

sachinks07 commented Oct 29, 2024

/attempt #11019

Copy link

algora-pbc bot commented Nov 2, 2024

@sachinks07: Reminder that in 4 days the bounty will become up for grabs, so please submit a pull request before then 🙏

Copy link

algora-pbc bot commented Nov 6, 2024

The bounty is up for grabs! Everyone is welcome to /attempt #11019 🙌

@sttlr
Copy link
Contributor

sttlr commented Nov 7, 2024

/attempt #11019

Algora profile Completed bounties Tech Active attempts Options
@sttlr 2 projectdiscovery bounties
JavaScript, Go,
Shell & more
Cancel attempt

@Harsh9485
Copy link

Harsh9485 commented Nov 7, 2024

/attempt #11002

Copy link

algora-pbc bot commented Nov 7, 2024

Note

The user @sttlr is already attempting to complete issue #11019 and claim the bounty. We recommend checking in on @sttlr's progress, and potentially collaborating, before starting a new solution.

Copy link

algora-pbc bot commented Nov 7, 2024

💡 @sttlr submitted a pull request that claims the bounty. You can visit your bounty board to reward.

Copy link

algora-pbc bot commented Dec 13, 2024

@sttlr: You've been awarded a $50 bounty by projectdiscovery! 👉 Complete your Algora onboarding to collect the bounty.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
💎 Bounty template-requests Request for new Nuclei templates to be created
Projects
None yet
Development

No branches or pull requests

6 participants