Saturday, October 16, 2021

Apache Tomcat: Important: Denial of Service (CVE-2021-42340)

Description
The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
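The leak pattern described above, reduced to a minimal Java model. This is an added example, not Tomcat source code, and every class, field and method name in it is hypothetical. A long-lived registry holds one metrics object per upgraded connection, and the WebSocket close path either skips the deregistration (leaky) or performs it (fixed).

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of the leak pattern; names are hypothetical, not Tomcat's.
public class UpgradeMetricsLeakDemo {

    // Per-connection metrics object, created when a connection is upgraded.
    static final class UpgradeMetrics {
        final byte[] counters = new byte[1024]; // stands in for per-connection state
    }

    // Long-lived registry: anything still referenced here cannot be garbage collected.
    static final Set<UpgradeMetrics> REGISTRY = ConcurrentHashMap.newKeySet();

    static final class Connection implements AutoCloseable {
        private final UpgradeMetrics metrics = new UpgradeMetrics();
        private final boolean webSocket;
        private final boolean releaseOnWebSocketClose;

        Connection(boolean webSocket, boolean releaseOnWebSocketClose) {
            this.webSocket = webSocket;
            this.releaseOnWebSocketClose = releaseOnWebSocketClose;
            REGISTRY.add(metrics); // registered when the connection is upgraded
        }

        @Override
        public void close() {
            // Leaky variant: the WebSocket close path never deregisters the object.
            if (!webSocket || releaseOnWebSocketClose) {
                REGISTRY.remove(metrics);
            }
        }
    }

    // Opens and closes n WebSocket connections; returns how many metrics objects remain.
    static int retainedAfter(int n, boolean releaseOnWebSocketClose) {
        REGISTRY.clear();
        for (int i = 0; i < n; i++) {
            try (Connection c = new Connection(true, releaseOnWebSocketClose)) {
                // connection is used, then closed at the end of this block
            }
        }
        return REGISTRY.size();
    }

    public static void main(String[] args) {
        System.out.println("leaky close path: " + retainedAfter(10_000, false) + " retained");
        System.out.println("fixed close path: " + retainedAfter(10_000, true) + " retained");
    }
}
```

In the leaky variant the retained count grows with every closed connection, which is why heap usage that climbs with cumulative WebSocket connection count rather than with concurrent connections is the signal to look for in monitoring.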
Solution(s)
  • apache-tomcat-upgrade-0_0_12
  • apache-tomcat-upgrade-8_5_72
  • apache-tomcat-upgrade-9_0_54


References
  • https://attackerkb.com/topics/cve-2021-42340
  • CVE-2021-42340
  • http://tomcat.apache.org/security-10.html
  • http://tomcat.apache.org/security-8.html
  • http://tomcat.apache.org/security-9.html





    Copyright © 2021 Vulnerability Database | Cyber Details™