OpenSUSE Linux update for tomcat

Jul 24, 2020 12:00 am Cyber Security 204

Published: 2020-07-24

Security Advisory


This security advisory describes one medium risk vulnerability.



1) Resource management error


Severity: Medium


CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]


CVE-ID: CVE-2020-11996


CWE-ID: CWE-399 - Resource Management Errors


Exploit availability: No


Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.


The vulnerability exists due to improper management of internal resources with the application when processing HTTP/2 requests. A remote attacker can send specially crafted sequence of HTTP/2 requests to the affected server and trigger high CPU load for several seconds. A large number of such requests causes denial of service.


Mitigation

Update the affected packages.


Vulnerable software versions

Opensuse: 15.1


CPE
External links

https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html


Q & A


Can this vulnerability be exploited remotely?


Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.


Is there known malware, which exploits this vulnerability?


No. We are not aware of malware exploiting this vulnerability.




Support the originator by clicking the read the rest link below.
opensuse linux update tomcat
Read The Rest from the original source
cybersecurity-help.cz

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!