{"id":"MGASA-2020-0397","summary":"Updated tomcat packages fix a security vulnerability","details":"If an HTTP/2 client exceeded the agreed maximum number of concurrent streams\nfor a connection (in violation of the HTTP/2 protocol), it was possible that a\nsubsequent request made on that connection could contain HTTP headers -\nincluding HTTP/2 pseudo headers - from a previous request rather than the\nintended headers. This could lead to users seeing responses for unexpected\nresources (CVE-2020-13943).\n","modified":"2026-02-04T03:08:28.370403Z","published":"2020-10-29T22:25:06Z","related":["CVE-2020-13943"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0397.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27396"},{"type":"REPORT","url":"http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.38"}],"affected":[{"package":{"name":"tomcat","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/tomcat?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.38-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0397.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}