CVE-2020-11996 vulnerability in Apache and Other Products
Published on June 26, 2020

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2020-11996

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-11996 are published in these products:

Apache Tomcat

Oracle Mysql Enterprise Monitor

Oracle Siebel Ui Framework

Canonical Ubuntu Linux

Debian Linux

OpenSuse Leap

Oracle

Affected Versions

Apache Tomcat:

Version 10.0.0-M1 to 10.0.0-M5 is affected.
Version 9.0.0.M1 to 9.0.35 is affected.
Version 8.5.0 to 8.5.55 is affected.

Exploit Probability

EPSS

24.44%

Percentile

95.92%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-11996 vulnerability in Apache and Other ProductsPublished on June 26, 2020

Products Associated with CVE-2020-11996

Affected Versions

Exploit Probability

CVE-2020-11996 vulnerability in Apache and Other Products
Published on June 26, 2020