Connection Manager, Connection Manager for AWS and Cloud Access Connector affected by Denial of Service vulnerability in Apache Tomcat.

Advisory Information

  • Advisory ID: TERA-SA-000068
  • CVE Numbers and Scores:
  • Published: 2 Feb. 2021
  • Last Updated: 2 Feb. 2021
  • Download PDF

Summary

Teradici Connection Manager, Teradici Connection Manager for AWS and Teradici Cloud Access Connector releases prior to 20.10 use a vulnerable version of Apache Tomcat that is susceptible to Denial of Service Attacks.

The latest versions contain an updated and patched version of Tomcat.


Affected Products

  • Teradici Connection Manager prior to release 20.10
  • Teradici Connection Manager for AWS prior to release 20.10
  • Teradici Cloud Access Connector prior to release 20.10

Solutions and Mitigations

Available Updates

  • Teradici Connection Manager 20.10
  • Teradici Connection Manager for AWS 20.10
  • Teradici Cloud Access Connector 20.10

Vulnerability Details

CVE-2020-11996

A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources


Revision History

2 Feb. 2021: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.