| purl | pkg:rpm/redhat/tomcat8@8.0.36-45.ep7?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-nvbx-q971-skgm (Aliases: CVE-2020-13935, GHSA-m7jv-hq7h-mq7c) | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | There are no reported fixed by versions. |
| VCID-yfx4-4gsc-2kgh (Aliases: CVE-2020-1935, GHSA-qxf4-chvg-4r8r) | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:12:14.548563+00:00 | RedHat Importer | Affected by | VCID-yfx4-4gsc-2kgh | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1935.json | 38.0.0 |
| 2026-04-01T14:05:43.770932+00:00 | RedHat Importer | Affected by | VCID-nvbx-q971-skgm | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json | 38.0.0 |