
CVE-2020-13934: Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

CVSS Score (CVSS v3.1): 7.5

Basic Information

EPSS Score: 0.95589%
Published: 2/8/2022
Updated: 2/1/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name              | Ecosystem | Vulnerable Versions          | First Patched Version
org.apache.tomcat:tomcat  | maven     | >= 10.0.0-M1, <= 10.0.0-M5   | 10.0.0-M6
org.apache.tomcat:tomcat  | maven     | >= 9.0.0.M5, < 9.0.36        | 9.0.36
org.apache.tomcat:tomcat  | maven     | >= 8.5.1, < 8.5.56           | 8.5.56

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The analysis is based on the description of the vulnerability and the likely involvement of HTTP/2 and HTTP/1.1 handling in Apache Tomcat. The exact function names are inferred based on typical Tomcat architecture and the nature of the vulnerability.


WAF Protection Rules

WAF Rule

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.35 and 8.5.1 to 8.5.55 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException co
