{"id":2214,"date":"2020-06-29T09:48:40","date_gmt":"2020-06-29T14:48:40","guid":{"rendered":"https:\/\/cert.pa\/?p=2214"},"modified":"2020-06-29T09:48:40","modified_gmt":"2020-06-29T14:48:40","slug":"csirt-panama-aviso-2020-06-26-apache-tomcat-denegacion-de-servicio-en-http-2-afecta-a-varias-versiones-de-apache-tomcat","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=2214","title":{"rendered":"CSIRT Panam\u00e1 Advisory 2020-06-26 Apache Tomcat: HTTP\/2 denial of service affects several versions of Apache Tomcat"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>Severity: Critical<br>\nVulnerability: CVE-2020-11996<br>\nPublication date: June 26, 2020<br>\nLast revised: June 26, 2020<br>\nPortal: http:\/\/tomcat.apache.org\/<br>\nAffected systems: Vulnerabilities in the Apache Tomcat platform, versions:<br>\nfrom 8.5.0 to 8.5.55<br>\nfrom 9.0.0.M1 to 9.0.35<br>\nfrom 10.0.0-M1 to 10.0.0-M5<\/p>\n\n\n\n<p>I. Description<br>\nApache Tomcat versions 8, 9 and 10 are affected by a denial-of-service (DoS) vulnerability affecting the HTTP\/2 protocol.<\/p>\n\n\n\n<p>II. Impact<br>\nA specially crafted sequence of HTTP\/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP\/2 connections, the server could become unresponsive. The identifier CVE-2020-11996 has been reserved for this vulnerability.<\/p>\n\n\n\n<p>III. 
Reference to solutions, tools and information<br>\nApply the update to the new versions:<br>\nApache Tomcat 8.5.56<br>\nLink: http:\/\/tomcat.apache.org\/security-8.html#Fixed_in_Apache_Tomcat_8.5.56<br>\nApache Tomcat 9.0.36<br>\nLink: http:\/\/tomcat.apache.org\/security-9.html#Fixed_in_Apache_Tomcat_9.0.36<br>\nApache Tomcat 10.0.0-M6<br>\nLink: http:\/\/tomcat.apache.org\/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6<\/p>\n\n\n\n<p>Sources:<br>\nInstituto Nacional de Ciberseguridad (INCIBE). June 26, 2020. Vulnerabilities. Retrieved from: https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/denegacion-servicio-http2-afecta-varias-versiones-apache-tomcat<\/p>\n\n\n\n<p>Contact information<br>\nCSIRT PANAMA<br>\nComputer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental<br>\nE-Mail: info@cert.pa<br>\nPhone: +507 520-CERT (2378)<br>\nWeb: https:\/\/cert.pa<br>\nTwitter: @CSIRTPanama<br>\nKey ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Severity: Critical Vulnerability: CVE-2020-11996 Publication date: June 26, 2020 Last revised: June 26, 2020 Portal: http:\/\/tomcat.apache.org\/ Affected systems: Vulnerabilities in the Apache Tomcat platform, versions: from 8.5.0 to 8.5.55 from 
&#8230;<\/p>\n","protected":false},"author":4,"featured_media":295,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[72,103],"class_list":["post-2214","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-avisos-de-seguridad","tag-tomcat"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2214"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2214\/revisions"}],"predecessor-version":[{"id":2216,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2214\/revisions\/2216"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/295"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}