Advisories ยป MGASA-2020-0397

Updated tomcat packages fix a security vulnerability

Publication date: 29 Oct 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13943


If an HTTP/2 client exceeded the agreed maximum number of concurrent streams
for a connection (in violation of the HTTP/2 protocol), it was possible that a
subsequent request made on that connection could contain HTTP headers -
including HTTP/2 pseudo headers - from a previous request rather than the
intended headers. This could lead to users seeing responses for unexpected
resources (CVE-2020-13943).