
BIT-tomcat-2020-13935

Status: PUBLISHED · CVSS 7.5 (HIGH)

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 9.0.0 through 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor    Product    Versions
Bitnami   tomcat     7.0.27, 8.5.0, 9.0.1

Timeline

  • Mar 6, 2024 CVE Published
  • Mar 20, 2026 CVE Updated
  • Apr 30, 2026 Distribution Patch