CVE-2020-13943 vulnerability in Apache and Other Products
Published on October 12, 2020

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2020-13943

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-13943 are published in these products:

Apache Tomcat

Debian Linux

Canonical Ubuntu Linux

Oracle Instantis Enterprisetrack

Oracle Sd Wan Edge

Oracle

Exploit Probability

EPSS

9.57%

Percentile

92.71%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-13943 vulnerability in Apache and Other ProductsPublished on October 12, 2020

Products Associated with CVE-2020-13943

Exploit Probability

CVE-2020-13943 vulnerability in Apache and Other Products
Published on October 12, 2020