FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-15 13:57:56 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6a72eff7-ccd6-11ea-9172-4c72b94353b5	Apache Tomcat -- Multiple Vulnerabilities The Apache Software Foundation reports: An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. Discovery 2020-07-05 Entry 2020-07-23 Modified 2020-07-23 tomcat7 < 7.0.105 tomcat85 < 8.5.57 tomcat9 < 9.0.37 tomcat-devel < 10.0.0.M7 https://tomcat.apache.org/security-7.html https://tomcat.apache.org/security-8.html https://tomcat.apache.org/security-9.html https://tomcat.apache.org/security-10.html CVE-2020-11996 CVE-2020-13934 CVE-2020-13935
556fdf03-6785-11ed-953b-002b67dfc673	Tomcat -- Request Smuggling Apache Tomcat reports: If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. The CVSS score for this vulnerability is 7.5 High Discovery 2022-10-31 Entry 2022-11-18 tomcat >= 8.5.0 lt 8.5.83 >= 9.0.0-M1 lt 9.0.68 >= 10.0.0-M1 lt 10.0.27 >= 10.1.0-M1 lt 10.1.1 tomcat85 >= 8.5.0 lt 8.5.83 tomcat9 >= 9.0.0-M1 lt 9.0.68 tomcat10 >= 10.0.0-M1 lt 10.0.27 tomcat101 >= 10.1.0-M1 lt 10.1.1 tomcat-devel >= 10.1.0-M1 lt 10.1.1 CVE-2022-42252 https://nvd.nist.gov/vuln/detail/CVE-2022-42252

VuXML ID

Description

6a72eff7-ccd6-11ea-9172-4c72b94353b5

Apache Tomcat -- Multiple Vulnerabilities

The Apache Software Foundation reports:

An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Discovery 2020-07-05
Entry 2020-07-23
Modified 2020-07-23
tomcat7

< 7.0.105

tomcat85

< 8.5.57

tomcat9

< 9.0.37

tomcat-devel

< 10.0.0.M7

https://tomcat.apache.org/security-7.html
https://tomcat.apache.org/security-8.html
https://tomcat.apache.org/security-9.html
https://tomcat.apache.org/security-10.html
CVE-2020-11996
CVE-2020-13934
CVE-2020-13935

556fdf03-6785-11ed-953b-002b67dfc673

Tomcat -- Request Smuggling

Apache Tomcat reports:

If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

The CVSS score for this vulnerability is 7.5 High

Discovery 2022-10-31
Entry 2022-11-18
tomcat

>= 8.5.0 lt 8.5.83

>= 9.0.0-M1 lt 9.0.68

>= 10.0.0-M1 lt 10.0.27

>= 10.1.0-M1 lt 10.1.1

tomcat85

>= 8.5.0 lt 8.5.83

tomcat9

>= 9.0.0-M1 lt 9.0.68

tomcat10

>= 10.0.0-M1 lt 10.0.27

tomcat101

>= 10.1.0-M1 lt 10.1.1

tomcat-devel

>= 10.1.0-M1 lt 10.1.1

CVE-2022-42252
https://nvd.nist.gov/vuln/detail/CVE-2022-42252