Chapter 4. Security Fixes

This update includes fixes for the following security related issues:

IDImpactSummary

CVE-2020-11996

Moderate

tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS [jws-5]

CVE-2020-13934

Important

tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS [jws-5]

CVE-2020-13935

Important

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS [jws-5]