VDB

CVE-2020-11996

CVE-2020-11996 PUBLISHED

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0 to 10.0.0, 9.0.0 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

EPSS 45.12% · 97.7th percentile

Risk Scores

EPSS Score
45.12%
97.7th percentile

Affected Products

VendorProductVersions
Bitnamitomcat8.5.0, 9.0.0, 8.5.0
Bitnamitomcat8.5.0, 9.0.0

Timeline

  • CVE Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 23, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Apr 3, 2025 EPSS Score
  • Apr 9, 2025 EPSS Score
  • May 1, 2025 EPSS Score

References

…and 5 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›