The Exploit Code of Tomcat WebSocket DoS Vulnerability (CVE-2020-13935) Is Disclosed
Nov 13, 2020 GMT+08:00
External security researchers have recently disclosed the PoC and details of the WebSocket DoS vulnerability (CVE-2020-13935), which was officially disclosed by Tomcat in July. The vulnerability has a CVSS score of 7.5 and arises in connection with WebSockets.
For more information about this vulnerability, visit the following websites:
(Severity: low, moderate, important, and critical)
III. Affected Products
Affected versions:
Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M1 to 9.0.36
Apache Tomcat 8.5.0 to 8.5.56
Apache Tomcat 7.0.27 to 7.0.104
Secure versions:
Apache Tomcat 10.0.0-M7 and later
Apache Tomcat 9.0.37 and later
Apache Tomcat 8.5.57 and later
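The version ranges above can be checked against an inventory of Tomcat version banners. The following is an added example, not part of the original advisory or of Tomcat itself; the function names and the sample host lines are constructed for illustration. A result of False only means the version is outside the ranges listed here.

```python
import re

# Affected ranges as listed in the advisory above: (first, last) affected release.
AFFECTED = [
    ("10.0.0-M1", "10.0.0-M6"),
    ("9.0.0.M1", "9.0.36"),
    ("8.5.0", "8.5.56"),
    ("7.0.27", "7.0.104"),
]
# x.y.z with an optional milestone suffix written ".M1" (9.x) or "-M1" (10.x).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
_BANNER = re.compile(r"Apache Tomcat/(\S+)")

def parse(version):
    """Return a sortable key; milestone builds sort before the final x.y.z release."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    pre = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch), pre)

def in_affected_range(version):
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse(version)
    return any(parse(lo) <= v <= parse(hi) for lo, hi in AFFECTED)

def audit(lines):
    """Map each line to True/False, or None when no parseable Tomcat banner is found."""
    results = {}
    for line in lines:
        m = _BANNER.search(line)
        try:
            results[line] = in_affected_range(m.group(1)) if m else None
        except ValueError:
            results[line] = None
    return results

# Constructed sample inventory (hypothetical host names, banner text as Tomcat reports it).
SAMPLE = [
    "app01 Server version: Apache Tomcat/9.0.36",
    "app02 Server version: Apache Tomcat/9.0.37",
    "app03 Server version: Apache Tomcat/10.0.0-M6",
    "app04 Server version: Apache Tomcat/9.0.0.M27",
    "app05 Server version: nginx/1.18.0",
]
if __name__ == "__main__":
    for line, hit in audit(SAMPLE).items():
        print("AFFECTED" if hit else "not listed" if hit is False else "unknown", "-", line)
```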
IV. Vulnerability Handling
Upgrade to a secure version:
Alternatively, take the following mitigation measures:
Disable WebSocket for unnecessary services.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.