CVE-2020-11996

HIGH

Apache Tomcat <10.0.0-M6, <9.0.36, <8.5.56 - DoS

Description

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Exploits (1)

nomisec WORKING POC 5 stars
by rusakovichma · poc
https://github.com/rusakovichma/tomcat-embed-core-9.0.31-CVE-2020-11996

References (24)

Scores

CVSS v3 7.5
EPSS 0.4512
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (16)
apache/tomcat 9.0.0 milestone1 (27 CPE variants)
apache/tomcat 10.0.0 milestone1 (5 CPE variants)
apache/tomcat 8.5.0 - 8.5.55
canonical/ubuntu_linux 20.04
debian/debian_linux 9.0
debian/debian_linux 10.0
netapp/oncommand_system_manager 3.0
netapp/oncommand_system_manager 3.1.3
opensuse/leap 15.1
opensuse/leap 15.2
Published Jun 26, 2020
Tracked Since Feb 18, 2026