Tomcat

CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service

Published: 2020-06-25
MITRE CVE-2020-11996

“A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.”

CVSS Base score: 7.5 (or 5.9 if Attack Complexity turns out to be High)
CVSS Temporal Score: 6.5 as of 2020-06-26 (Unproven exploit code and Official Patch available)
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

This vulnerability is remedied by upgrading to a new version. Basefarm recommends upgrading to these versions as soon as possible, at least within a week.