Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 denial of service


A vulnerability classified as critical has been found in Oracle Instantis EnterpriseTrack 17.1/17.2/17.3. This issue affects an unknown functionality. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/21/2020 07:36 AM | 11/22/2020 09:18 PM | 11/22/2020 09:23 PM |
| --- | --- | --- | --- |
| vendor | Oracle | Oracle | Oracle |
| name | Instantis EnterpriseTrack | Instantis EnterpriseTrack | Instantis EnterpriseTrack |
| cve | CVE-2020-13935 | CVE-2020-13935 | CVE-2020-13935 |
| risk | 2 | 2 | 2 |
| cwe | 404 | 404 | 404 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | H | H | H |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| version | 17.1/17.2/17.3 | 17.1/17.2/17.3 | 17.1/17.2/17.3 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 | 1603144800 | 1603144800 |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 | 1603144800 | 1603144800 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | C | C | C |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 7.8 | 7.8 | 7.8 |
| cvss2_vuldb_tempscore | 6.8 | 6.8 | 6.8 |
| cvss3_vuldb_basescore | 7.5 | 7.5 | 7.5 |
| cvss3_vuldb_tempscore | 7.2 | 7.2 | 7.2 |
| cvss3_meta_basescore | 7.5 | 7.5 | 7.5 |
| cvss3_meta_tempscore | 7.2 | 7.2 | 7.2 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 5.0 | 5.0 | 5.0 |
| cvss3_nvd_basescore | 7.5 | 7.5 | 7.5 |
| cve_assigned |  | 1591567200 | 1591567200 |
| cve_nvd_summary |  | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. |
| confirm_url |  | https://kc.mcafee.com/corporate/index?page=content&id=SB10332 | https://kc.mcafee.com/corporate/index?page=content&id=SB10332 |
| cvss3_nvd_av |  |  | N |
| cvss3_nvd_ac |  |  | L |
| cvss3_nvd_pr |  |  | N |
| cvss3_nvd_ui |  |  | N |
| cvss3_nvd_s |  |  | U |
| cvss3_nvd_c |  |  | N |
| cvss3_nvd_i |  |  | N |
| cvss3_nvd_a |  |  | H |
| cvss2_nvd_av |  |  | N |
| cvss2_nvd_ac |  |  | L |
| cvss2_nvd_au |  |  | N |
| cvss2_nvd_ci |  |  | N |
| cvss2_nvd_ii |  |  | N |
| cvss2_nvd_ai |  |  | P |
