VDB

GCVE-110-MAGEIA-2020-397

GCVE-110-MAGEIA-2020-397
Advisory Published
Vulnetix · Advisory published October 29, 2020
If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources (CVE-2020-13943).

Affected Products

VendorProductVersionsPlatforms
Mageiatomcat0 (affected), 9.0.38-1.mga7 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›