Description
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
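The kind of payload-length validation the description refers to, written against the framing rules of RFC 6455 section 5.2. This is an added example, not Tomcat's code; `MAX_PAYLOAD`, `FrameError`, `parse_payload_length` and `classify` are names assumed here for illustration.

```python
import struct

MAX_PAYLOAD = 1 << 20  # assumed application limit (1 MiB), not a Tomcat setting

class FrameError(ValueError):
    """Frame header violates RFC 6455 section 5.2 or the local size limit."""

def parse_payload_length(buf: bytes):
    """Return (payload_length, header_bytes_before_mask_key), or None if more bytes are needed."""
    if len(buf) < 2:
        return None
    opcode, len7 = buf[0] & 0x0F, buf[1] & 0x7F
    if opcode & 0x08 and len7 > 125:
        raise FrameError("control frame payload longer than 125 bytes")
    if len7 < 126:
        length, used = len7, 2
    elif len7 == 126:
        if len(buf) < 4:
            return None
        (length,), used = struct.unpack("!H", buf[2:4]), 4
        if length < 126:
            raise FrameError("16-bit length not minimally encoded")
    else:
        if len(buf) < 10:
            return None
        (length,), used = struct.unpack("!Q", buf[2:10]), 10
        if length >> 63:
            raise FrameError("64-bit length has its most significant bit set")
        if length <= 0xFFFF:
            raise FrameError("64-bit length not minimally encoded")
    if length > MAX_PAYLOAD:
        raise FrameError("payload length exceeds configured limit")
    return length, used

def classify(buf: bytes) -> str:
    """Map a header to 'ok', 'incomplete' or 'rejected' so a read loop always terminates."""
    try:
        return "incomplete" if parse_payload_length(buf) is None else "ok"
    except FrameError:
        return "rejected"

# Constructed sample headers (not captured traffic).
SAMPLES = {
    "short text": bytes([0x81, 0x05]),
    "16-bit binary": bytes([0x82, 0x7E, 0x01, 0x00]),
    "msb set": bytes([0x82, 0x7F]) + b"\xff" * 8,
    "oversized ping": bytes([0x89, 0x7E, 0x00, 0x80]),
}
```

A connection whose header is classified as `rejected` should be closed rather than read further, so that an invalid length never reaches the code that consumes the payload.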
Remediation
References