CVE List


Critical 7.5

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.

Published September 9, 2020.

Affected software

Redhat Jboss Enterprise Application Platform

Redhat Jbossweb

Reference links

Sign Up for Alerts