{"id":"CVE-2020-13943","details":"If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.","aliases":["BIT-tomcat-2020-13943","GHSA-f268-65qc-98vg"],"modified":"2026-05-28T04:05:25.551945853Z","published":"2020-10-12T14:15:12.183Z","related":["SUSE-SU-2020:2996-1","SUSE-SU-2020:3068-1","SUSE-SU-2020:3069-1","SUSE-SU-2021:0040-1","SUSE-SU-2026:1058-1","openSUSE-SU-2020:1799-1","openSUSE-SU-2020:1842-1","openSUSE-SU-2024:11468-1","openSUSE-SU-2024:13441-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","source":"CPE_STRING","extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]},{"vendor_product":"oracle:instantis_enterprisetrack","source":"CPE_STRING","extracted_events":[{"last_affected":"17.1"},{"last_affected":"17.2"},{"last_affected":"17.3"}],"cpes":["cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*"]},{"vendor_product":"oracle:sd-wan_edge","source":"CPE_STRING","extracted_events":[{"last_affected":"9.0"}],"cpes":["cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00021.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20201016-0007/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4835"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"0"},{"last_affected":"e37b977db6f47e4380ad67114a49e8568951c953"},{"last_affected":"389365303d986b2a918bc95f39421b27a2c9ff30"},{"last_affected":"f5dffa6e1148080fe5dc3690df917e805c72a714"},{"last_affected":"bdd72e8bc872876689e41631e47942366ca03364"},{"last_affected":"3e5565173dfe107f90419ab63bd4e2e7edc9deb4"},{"last_affected":"c6a2c4ed296c7f8839b72e8e31cb53b84102d02c"},{"last_affected":"61ff12fb282b1d00593b8d16e94ab8ec02f8d5be"},{"last_affected":"b5205c92f41dfd9a67f78bc783db7b022e38226c"},{"last_affected":"4178d385e09435a88ac34cf7025526b7f0055c55"},{"last_affected":"80083369bb8178efc49374a65d7eb73465e77f8b"},{"last_affected":"e14e9824c3087f79621a9796ddf9b3432be02858"},{"last_affected":"20ec6f6f034bb5eebe4f1b52140b680aaff6f380"},{"last_affected":"e95b65a27af4cd6681b6dc1bf17ee5abb897610d"},{"last_affected":"89b28f6ba651c13de6d63f615b23a33b2877f7ac"},{"last_affected":"fdeed5fdfb166f13d74a9feb7ee1ac294aaac54c"},{"last_affected":"f827002704439e842b2450c3ce9da2f421b4f7d6"},{"last_affected":"0f7cba76901cc129cd0f04956b84f703349548b5"},{"last_affected":"fa23d9518b2a8d6b0ab0dcdb0a4e3e2866e8bad7"},{"last_affected":"e5f53cc522d4e1e97f1a8805d4d6c74d4e187b77"},{"last_affected":"7d6cf6ec6c467a5cd3fd69c50d5fde5b4d7b4f5f"},{"last_affected":"91f0a6076a682a62c8f1036701ce16ed587385ce"},{"last_affected":"a61b9e5bde9b0ad7681bed4730b4ecafc05ff97b"},{"last_affected":"b3d863f29edd6dbee7e78974c2ca110d0b4dd4ae"},{"last_affected":"66ebf0df1f2f072d1ecdf63f391026fb1b49bae2"},{"last_affected":"054f4eb88b6fe969af20ee78687cd40a271f8116"},{"last_affected":"fbeeca5fb941c59a901ba7324dca4f15f3b666bb"},{"last_affected":"6c514146fe3ba81aefcc3ef74a158d8bafee2fcf"},{"last_affected":"d4e9735adc0819314811c134d7899adcdb0f629e"},{"last_affected":"1490a3f542c89c9c74127a134cea4000d857189e"},{"last_affected":"8641cef9edb88303736a0e19d31cf7f7bd4ca5bb"},{"last_affected":"6a8acc17f2dea12cf6366b5a1fa4fe62a1c36137"},{"last_affected":"18fac60288f15ded6a738066d230cdb6423a5b25"},{"last_affected":"8d7a4e2f583e322f2c5ca939c00df1c5d61dad7d"},{"last_affected":"b0370640a65d7cb28485f842c959cf4b489eccc1"},{"last_affected":"c25bae42cd21ba0a376ce3cce14800a34a0ede00"},{"last_affected":"e8b640021afce5430678b590813d18b92e06a430"},{"last_affected":"cc079ea2c2beeaae22131ffc2c2c9f4dff20ddab"},{"last_affected":"917125ae55a807a90a96d97ecbec5ed13620bc18"},{"last_affected":"4b0b2f6b828d12d150b4de0b64fd6c3849dfcefb"},{"last_affected":"f481565d959dc5a5eae1576cc294774c8683b4dc"},{"last_affected":"5ec070352b283535946327b44228b610a27a76c5"},{"last_affected":"753f95658fb9a26594d8f9cc65a48de04d2e7bd7"},{"last_affected":"00b711f6af57e043bf4d5d64dbc1617970a54d69"},{"last_affected":"4e32ede8c5c5ed6937d29a37b5108dfcd13c5954"},{"last_affected":"593f3797c2de532988387692bb5f9a283c6182c5"},{"last_affected":"46d444a14cdac3e7e1f011a02cbdac9e5a80631c"},{"last_affected":"914f68b45127207170dff894e03ec31732cac898"},{"last_affected":"14bdacea996993a3b94ec0972cea92370e42ae4d"},{"last_affected":"35174cb9cfa4cf3d608db77485043af42cf92c8c"},{"last_affected":"e0c759f3bd47e06b9d526ed40ed9d1e923f464b6"},{"last_affected":"c40ede65ea4fb44b1957ec482f28c7afa71f1b50"},{"last_affected":"05bfeed882fadd6e3b5c64a7851125750d37e297"},{"last_affected":"c83fd06b3cd0c96ffd7dc660107a1283b714483b"},{"last_affected":"9babbd0b0560303fbe5cc5bf7e7c2a8e74e4d665"},{"last_affected":"0b365bb7032a5e30b35fedc56e7def82a3e55f94"},{"last_affected":"c8a57e4a2db8e5af314bae48123fb5990da5b7a5"},{"last_affected":"4560d2f5a49965f73ed07cb879f17d9c096c9d13"},{"last_affected":"9c649984ef92c2534a734c6584220a9a0c0c3462"},{"last_affected":"10e04de1946981261a734507f4a6d953e2a206fe"},{"last_affected":"65ddc3a3872ea41ca67fec7b6834c704b6893361"},{"last_affected":"b5a74e3c7913c560648f0ffedfbbb3ebe4318def"},{"last_affected":"de128d72af746184e035ff1b53629f08cb141a04"},{"last_affected":"aac670afe1226e10513021100fce8a12344743c6"},{"last_affected":"c2c8107f0cea4755497a85990807b883b66f6b57"},{"last_affected":"8c48678b110f3fbbe66f6dde0e45d2578fa92c29"},{"last_affected":"9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f"},{"last_affected":"59e713216cf2256aacc54f6ba627865f356f9e4e"},{"last_affected":"7dc5e29fe49850102261badf158752d6865311e4"},{"last_affected":"600dc8ba5d9be7599d29bff83c342213d93b034e"},{"last_affected":"3bd48aab236e5bf0ed1644e9f0c588fd20e503ab"},{"last_affected":"642d3dd4d50ea1f03f9827962e4fc982a123bb78"},{"last_affected":"24566c02fb917a6ca1b6479a60971b0d8acd895c"},{"last_affected":"cac0e029dcced854eeca7444710e78e412dc2c2a"},{"last_affected":"c5efed313de1a181f4f9f98f5023117f3b911257"},{"last_affected":"ab04166fac59fcf9b3be3aab1c8b896842782d4c"},{"last_affected":"35071e7e52f296b9187b054b0efd74121b7db3bd"},{"last_affected":"c7b84102600d600bcc527560d9c4d10c3fd440ab"},{"last_affected":"d8ebf61e51b4455e3c226751e492a533f9002d48"},{"last_affected":"aba238718ac9b149d25feaa9a14ecad3b0e3a5e2"},{"last_affected":"fe854ab1f111396458d98fa2ab08c693ce9407e1"},{"last_affected":"45f8fd74cdb96490fab8709263a4d862f0d429cf"},{"last_affected":"3c78e95e36268dfb76db1570f0cf49104fa6eabc"},{"last_affected":"9dc486b616a1599fa3fa4e27a7933ca06bfa4785"},{"last_affected":"2bd753075d4f87ee9db49d3ad55cfaec78a82329"},{"last_affected":"f496ba0669fcdc034683aab80e627de5aee50b8e"},{"last_affected":"e0fdefed3d9e2a4dbfd36a5a79e75e0eadaa201d"},{"last_affected":"fd2639aedf7d8cfb464094000a12f850ae1f2709"},{"last_affected":"b13bcf27d84debed0519f36449b7a5443c3bd0e6"},{"last_affected":"988f68f551e8dbd53d1bc45b8a0cda14ff09dc54"},{"last_affected":"5eda69269ed3267d9757c0e2efbb86ef8fa8bca9"},{"last_affected":"c4e46147542892179c6be8b815f2f19637d7b4bf"},{"last_affected":"f2fb9fd39b97f3e1f84c6745359d821210446b09"},{"last_affected":"54502a9e8796f87ff77b1e32251e2836f6671149"},{"last_affected":"706a395be7c34414d04739de69bde986661976ec"},{"last_affected":"90583be4f77c92d8e8ac4a48e63b3cdc31e45890"},{"last_affected":"f47ce1999ed77630cbcc65fe98af135d4072b6a3"},{"last_affected":"f212f9d743b463763dab22f5ec7e3077f33bd326"},{"last_affected":"25d7c99e8c44a41a08ba85ccaba3cfec6af9c801"},{"last_affected":"0862607e5da91a7c476a6350288d8d8a9380f556"},{"last_affected":"854f4dcf435a6d335576aa22402e2871c66f4fd9"},{"last_affected":"4202de2f20c29f38a6a700133f9724745c7306d8"},{"last_affected":"5dd82367de857318b8a384c07c4414e5d55cc975"},{"last_affected":"95f7f98eef1d3521ee25617c07a36d22daba84ea"},{"last_affected":"bd48c597e3cb280d73d9c9279babcaf75b6879c0"},{"last_affected":"6158eb84d9a15565787eda7e37f3e2f220a34a54"},{"last_affected":"fad275b0541595ea89e59f5cb024ada531d5dbe4"},{"last_affected":"508a36c1f48c8d500c4e205097c2ade93e589d13"},{"last_affected":"34735123777fe15a5525b8242964293cddbfae64"},{"last_affected":"7c14efedba0cc81319efacb0e7f5129804e7b6f9"},{"last_affected":"d628ee1e6e1121d60b4990239c242d0e18a25e42"},{"last_affected":"4fab4cc012d0c31852e957d198cb0549f3d6074c"},{"last_affected":"b6ff6f5c8a977fad074ae64c7ba4e38968d70b86"},{"last_affected":"3a9578990e4e90bcc04bf7d5ef3bc47445e827e6"},{"last_affected":"100ca6fcaf5aceb8fecd5cff0c45e1d52f8baaed"},{"last_affected":"1031a8edb864ac001a8f172161aa8a13b7a4e712"},{"last_affected":"fc2c65d390444d75412855ad0de8b878018d02dc"},{"last_affected":"247c8e5ad08cdcd829a0bfc6374ecb3da0e5838e"},{"last_affected":"bd68c421ea32fea08263db73cd5b987ab606a0bb"},{"last_affected":"b0b074b683ed2e09ff9e9755825bfce83d303a93"},{"last_affected":"d971ce1bdf8b8e8de93fb41454f4ce2e815ee936"},{"last_affected":"eb684224706fe1d8ef5610c8d79dc403e1038393"},{"last_affected":"772df65db45cfccc2aad33b9b51ef9ab14c19626"},{"last_affected":"b3a208c6d6d01c553178c5e718e750b0eb318151"},{"last_affected":"27f7ef8cd0c637b700d564ec20f6ff92901f6b5c"},{"last_affected":"c549413165721180b15f62033c1be6c5970028fd"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"8.5.0"},{"last_affected":"8.5.1"},{"last_affected":"8.5.2"},{"last_affected":"8.5.3"},{"last_affected":"8.5.4"},{"last_affected":"8.5.5"},{"last_affected":"8.5.6"},{"last_affected":"8.5.7"},{"last_affected":"8.5.8"},{"last_affected":"8.5.9"},{"last_affected":"8.5.10"},{"last_affected":"8.5.11"},{"last_affected":"8.5.12"},{"last_affected":"8.5.13"},{"last_affected":"8.5.14"},{"last_affected":"8.5.15"},{"last_affected":"8.5.16"},{"last_affected":"8.5.17"},{"last_affected":"8.5.18"},{"last_affected":"8.5.19"},{"last_affected":"8.5.20"},{"last_affected":"8.5.21"},{"last_affected":"8.5.22"},{"last_affected":"8.5.23"},{"last_affected":"8.5.24"},{"last_affected":"8.5.25"},{"last_affected":"8.5.26"},{"last_affected":"8.5.27"},{"last_affected":"8.5.28"},{"last_affected":"8.5.29"},{"last_affected":"8.5.30"},{"last_affected":"8.5.31"},{"last_affected":"8.5.32"},{"last_affected":"8.5.33"},{"last_affected":"8.5.34"},{"last_affected":"8.5.35"},{"last_affected":"8.5.36"},{"last_affected":"8.5.37"},{"last_affected":"8.5.38"},{"last_affected":"8.5.39"},{"last_affected":"8.5.40"},{"last_affected":"8.5.41"},{"last_affected":"8.5.42"},{"last_affected":"8.5.43"},{"last_affected":"8.5.44"},{"last_affected":"8.5.45"},{"last_affected":"8.5.46"},{"last_affected":"8.5.47"},{"last_affected":"8.5.48"},{"last_affected":"8.5.49"},{"last_affected":"8.5.50"},{"last_affected":"8.5.51"},{"last_affected":"8.5.52"},{"last_affected":"8.5.53"},{"last_affected":"8.5.54"},{"last_affected":"8.5.55"},{"last_affected":"8.5.56"},{"last_affected":"8.5.57"},{"last_affected":"9.0.0-milestone10"},{"last_affected":"9.0.0-milestone11"},{"last_affected":"9.0.0-milestone12"},{"last_affected":"9.0.0-milestone13"},{"last_affected":"9.0.0-milestone14"},{"last_affected":"9.0.0-milestone15"},{"last_affected":"9.0.0-milestone16"},{"last_affected":"9.0.0-milestone17"},{"last_affected":"9.0.0-milestone18"},{"last_affected":"9.0.0-milestone19"},{"last_affected":"9.0.0-milestone20"},{"last_affected":"9.0.0-milestone21"},{"last_affected":"9.0.0-milestone22"},{"last_affected":"9.0.0-milestone23"},{"last_affected":"9.0.0-milestone24"},{"last_affected":"9.0.0-milestone25"},{"last_affected":"9.0.0-milestone26"},{"last_affected":"9.0.0-milestone27"},{"last_affected":"9.0.0-milestone5"},{"last_affected":"9.0.0-milestone6"},{"last_affected":"9.0.0-milestone7"},{"last_affected":"9.0.0-milestone8"},{"last_affected":"9.0.0-milestone9"},{"last_affected":"9.0.1"},{"last_affected":"9.0.2"},{"last_affected":"9.0.3"},{"last_affected":"9.0.4"},{"last_affected":"9.0.5"},{"last_affected":"9.0.6"},{"last_affected":"9.0.7"},{"last_affected":"9.0.8"},{"last_affected":"9.0.9"},{"last_affected":"9.0.10"},{"last_affected":"9.0.11"},{"last_affected":"9.0.12"},{"last_affected":"9.0.13"},{"last_affected":"9.0.14"},{"last_affected":"9.0.15"},{"last_affected":"9.0.16"},{"last_affected":"9.0.17"},{"last_affected":"9.0.18"},{"last_affected":"9.0.19"},{"last_affected":"9.0.20"},{"last_affected":"9.0.21"},{"last_affected":"9.0.22"},{"last_affected":"9.0.23"},{"last_affected":"9.0.24"},{"last_affected":"9.0.25"},{"last_affected":"9.0.26"},{"last_affected":"9.0.27"},{"last_affected":"9.0.28"},{"last_affected":"9.0.29"},{"last_affected":"9.0.30"},{"last_affected":"9.0.31"},{"last_affected":"9.0.32"},{"last_affected":"9.0.33"},{"last_affected":"9.0.34"},{"last_affected":"9.0.35"},{"last_affected":"9.0.36"},{"last_affected":"9.0.37"},{"last_affected":"10.0.0-milestone1"},{"last_affected":"10.0.0-milestone2"},{"last_affected":"10.0.0-milestone3"},{"last_affected":"10.0.0-milestone4"},{"last_affected":"10.0.0-milestone5"},{"last_affected":"10.0.0-milestone6"},{"last_affected":"10.0.0-milestone7"}],"cpe":["cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.13:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.14:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.15:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.16:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.17:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.18:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.19:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.21:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.22:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.23:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.24:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.25:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.26:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.27:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.28:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.29:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.30:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.31:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.32:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.33:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.34:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.35:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.36:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.37:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.38:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.39:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.40:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.41:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.42:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.43:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.44:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.45:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.46:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.47:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.48:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.49:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.50:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.51:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.52:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.53:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.54:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.55:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.56:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:8.5.57:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.1:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.2:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.3:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.4:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.5:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.6:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.7:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.8:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.9:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.10:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.11:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.12:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.13:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.14:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.15:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.16:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.17:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.18:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.19:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.20:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.21:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.23:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.24:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.25:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.26:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.27:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.28:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.29:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.30:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.31:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.32:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.33:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.34:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.35:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*"],"source":"CPE_STRING"}}],"versions":["8.5.57","9.0.37","10.0.0-M7","8.5.56","9.0.36","10.0.0-M6","8.5.55","9.0.35","10.0.0-M5","8.5.54","9.0.34","10.0.0-M4","8.5.53","9.0.33","10.0.0-M3","8.5.52","9.0.32","10.0.0-M2","10.0.0-M1","8.5.51","9.0.31","8.5.50","9.0.30","8.5.49","8.5.48","9.0.29","9.0.28","8.5.47","9.0.27","8.5.46","9.0.26","9.0.25","8.5.45","9.0.24","8.5.44","9.0.23","8.5.43","9.0.22","8.5.42","9.0.21","8.5.41","9.0.20","9.0.19","8.5.40","9.0.18","8.5.39","9.0.17","8.5.38","9.0.16","9.0.15","8.5.37","8.5.36","9.0.14","8.5.35","9.0.13","8.5.34","9.0.12","8.5.33","9.0.11","8.5.32","9.0.10","9.0.9","8.5.31","9.0.8","8.5.30","9.0.7","8.5.29","9.0.6","8.5.28","9.0.5","8.5.27","9.0.4","8.5.26","8.5.25","9.0.3","8.5.24","9.0.2","8.5.23","9.0.1","8.5.22","8.5.21","9.0.0-M27","8.5.20","9.0.0-M26","8.5.19","9.0.0-M25","8.5.18","9.0.0-M24","8.5.17","9.0.0-M23","8.5.16","9.0.0-M22","8.5.15","9.0.0-M21","8.5.14","9.0.0-M20","8.5.13","9.0.0-M19","8.5.12","9.0.0-M18","8.5.11","9.0.0-M17","8.5.10","9.0.0-M16","8.5.9","9.0.0-M15","9.0.0-M14","8.5.8","9.0.0-M13","8.5.7","9.0.0-M12","8.5.6","9.0.0-M11","8.5.5","9.0.0-M10","8.5.4","9.0.0-M9","8.5.3","9.0.0-M8","9.0.0-M7","8.5.2","9.0.0-M6","8.5.1","9.0.0-M5","8.5.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13943.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}