{"vulnerability": "CVE-2020-13935", "sightings": [{"uuid": "7c26f608-16d4-46c0-8902-a19733712ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13935", "type": "seen", "source": "MISP/34540bf7-5e7a-4672-a446-ccb49e090a14", "content": "", "creation_timestamp": "2024-11-14T06:07:16.000000Z"}, {"uuid": "a2b67c3f-f05e-45ca-9ba1-afe5c9b1ddff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13935", "type": "seen", "source": "https://t.me/arpsyndicate/240", "content": "#ExploitObserverAlert\n\nCVE-2020-13935\n\nDESCRIPTION: Exploit Observer has 42 entries related to CVE-2020-13935. The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.\n\nFIRST-EPSS: 0.168170000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-17T08:31:40.000000Z"}, {"uuid": "d8588e66-94ff-46e9-9f70-13fbd1571e9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13935", "type": "published-proof-of-concept", "source": "Telegram/dDGspb0La_WpXiaTaM9n6NMVAov5bI3B8tmrXzBSpRo3Hw", "content": "", "creation_timestamp": "2020-11-03T14:06:18.000000Z"}, {"uuid": "dceb5c2e-8ef4-40d6-ae77-7b3ffdd439e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13935", "type": "seen", "source": "https://t.me/thehackernews/763", "content": "Apache today released updated versions of Tomcat Server to patch two DoS vulnerabilities residing in the WebSocket (CVE-2020-13935) and HTTP/2 (CVE-2020-13934) implementations.\n\nhttp://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E\n\nhttp://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E", "creation_timestamp": "2020-07-15T00:02:15.000000Z"}, {"uuid": "2a92ac9b-aee0-475c-bd89-10d0fad8bb31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13935", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2033", "content": "Exploit for WebSocket Vulnerability (CVE-2020-13935) in Apache Tomcat 10 M1-M6, 9.0-9.0.36, 8.5-8.5.56, 7.0.27-7.0.104\nhttps://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat\nPoC:\nhttps://github.com/RedTeamPentesting/CVE-2020-13935", "creation_timestamp": "2020-11-03T22:15:14.000000Z"}]}