CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M5
Apache Tomcat 9.0.0.M1 to 9.0.35
Apache Tomcat 8.5.0 to 8.5.55
Description:
A specially crafted sequence of HTTP/2 requests co
Author: markt
Date: Thu Jun 25 21:55:42 2020
New Revision: 1879208
URL: http://svn.apache.org/viewvc?rev=1879208&view=rev
Log:
Add details for CVE-2020-11996
Modified:
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
The Buildbot has detected a restored build on builder tomcat-trunk while
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/5273
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: asf946_ubuntu
Build Reason: The AnyBranchScheduler
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 842df87 Fix various potential timing issues with t
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 3f205cc Fix various potential timing issues with
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 2a13558 Fix various potential timing issues with t
The Buildbot has detected a new failure on builder tomcat-trunk while building
tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/5272
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: asf946_ubuntu
Build Reason: The AnyBranchScheduler sc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit d88e0840c0278ed72fb14d9bf65b67097fe5a0bb
Author: Mark Thomas
AuthorDate: Thu Jun 25 11:57:58 2020 +0100
Add the plumb
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from abdd02d Make sure recycle() is called once the Stream is closed
new d88e084 Add the plumbing to 'recycle' an HTT
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 112992d9e16c76bd3546499477f29ef864bf25ac
Author: Mark Thomas
AuthorDate: Thu Jun 25 14:40:27 2020 +0100
Reduce the me
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 61980cdfdcdada9cd023d30ab5af35010b1e084b
Author: Mark Thomas
AuthorDate: Thu Jun 25 11:57:58 2020 +0100
Add the plumb
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit e57d32d8636811ad26128dab53ca06c71437aa5e
Author: Mark Thomas
AuthorDate: Thu Jun 25 14:40:27 2020 +0100
Reduce the me
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 1094d17 Update Graal documentation to reflect changes
new 61980cd Add the plumbing to 'recycle' an HTTP/2 Stream
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 6a3cae6 Update Graal documentation to reflect changes
add 3df857f Add the plumbing to 'recycle' an HTTP/2 Strea
The Buildbot has detected a restored build on builder tomcat-trunk while
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/5271
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: asf946_ubuntu
Build Reason: The AnyBranchScheduler
rmaucher commented on pull request #307:
URL: https://github.com/apache/tomcat/pull/307#issuecomment-649544386
Nice, so it would seem it takes about 8 minutes now, down from 30 minutes
initially. Eventually more "unimportant" tests could be excluded to get this
down. I got confused with th
rotty3000 commented on pull request #307:
URL: https://github.com/apache/tomcat/pull/307#issuecomment-649530867
@rmaucher I have made the requested changes:
- only trunk
- use nio
- excluded tests slower than 5 seconds
--
This is an automated email from the ASF dual-hosted git repository.
remm pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from dd35fd4 Make sure recycle() is called once the Stream is closed
new 9eec670 Delete AOT Maven packaging from 9
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 1094d17cfbdfbbc635582fd133612e4b5907ea7d
Author: remm
AuthorDate: Thu Jun 25 14:57:54 2020 +0200
Update Graal document
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 9eec670512e044b0dc7f9e943375cf882e88e430
Author: remm
AuthorDate: Thu Jun 25 15:00:25 2020 +0200
Delete AOT Maven pack
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 6a3cae6 Update Graal documentation to reflect cha
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new a1a4457 Move AOT compilation packaging to a new m
rmaucher commented on pull request #307:
URL: https://github.com/apache/tomcat/pull/307#issuecomment-649522279
Looks good to me. Personally, I don't panic when I see a few random failures.
Since this is meant as a smoke test, and in an effort to not spam too much
about failures, I wo
Understood, sorry for the noise.
- Ray
On Thu, Jun 25, 2020, 02:27 Rémy Maucherat, wrote:
> On Thu, Jun 25, 2020 at 3:28 AM Raymond Auge
> wrote:
>
>> Sorry folks, but here are two more intermittent Http2 test failures:
>>
>> 2020-06-25T01:09:24.3494270Z[concat] Testsuites with failed test
The Buildbot has detected a new failure on builder tomcat-trunk while building
tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/5270
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: asf946_ubuntu
Build Reason: The AnyBranchScheduler sc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new abdd02d Make sure recycle() is called once the Str
https://bz.apache.org/bugzilla/show_bug.cgi?id=64560
Max Lohrmann changed:
What|Removed |Added
CC||p...@wickenrode.com
--
You are receivi
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new dd35fd4 Make sure recycle() is called once the Str
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 785cc6e Make sure recycle() is called once the S
https://bz.apache.org/bugzilla/show_bug.cgi?id=64560
--- Comment #1 from Max Lohrmann ---
Sorry, typo.
It should have said
removeAttribute("A");
above (not C).
https://bz.apache.org/bugzilla/show_bug.cgi?id=64560
Bug ID: 64560
Summary: DeltaSession discards pending deltas when
changeSessionId() is called
Product: Tomcat 9
Version: 9.0.34
Hardware: PC
OS: Linux