Apache Tomcat Denial-of-Service Vulnerability (CVE-2020-13935)
Vulnerability details
Affected versions
Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M1 to 9.0.36
Apache Tomcat 8.5.0 to 8.5.56
Apache Tomcat 7.0.27 to 7.0.104
Vulnerability details
Using the code from https://github.com/RedTeamPentesting/CVE-2020-13935,
run the command:
go run main.go ws://localhost/examples/websocket/echoProgrammatic
The CPU is immediately saturated.
Remediation:
Upgrade to Apache Tomcat 10.0.0-M7+
Upgrade to Apache Tomcat 9.0.37+
Upgrade to Apache Tomcat 8.5.57
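To triage an inventory against the affected ranges listed above, the following added example (not part of the original page or of the Tomcat project) parses Tomcat version strings, including the `.M`/`-M` milestone forms, and reports which hosts fall inside those ranges. The function names, hostnames and banner strings are assumptions constructed for illustration.

```python
import re

# Affected ranges as listed on this page (inclusive bounds).
AFFECTED = [
    ("10.0.0-M1", "10.0.0-M6"),
    ("9.0.0.M1", "9.0.36"),
    ("8.5.0", "8.5.56"),
    ("7.0.27", "7.0.104"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")
_FINAL = float("inf")  # a final release sorts after all of its milestones


def parse_version(text):
    """Return (major, minor, patch, milestone) from a Tomcat version string.

    Accepts bare versions ("9.0.0.M1", "10.0.0-M6") and banner-style strings
    such as "Apache Tomcat/8.5.56". Raises ValueError if no version is found.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tomcat version in {text!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else _FINAL)


def is_affected(text):
    """True if the version falls inside one of the page's affected ranges."""
    v = parse_version(text)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)


def triage(inventory):
    """Map host -> 'AFFECTED', 'not in listed ranges' or 'unparseable'."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = "AFFECTED" if is_affected(banner) else "not in listed ranges"
        except ValueError:
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and banners are made up.
    sample = {"app01": "Apache Tomcat/9.0.36", "app02": "Apache Tomcat/9.0.37",
              "app03": "10.0.0-M6", "app04": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

A result of "not in listed ranges" only means the version is outside the four ranges on this page; it says nothing about release lines the page does not list.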