Saturday, October 16, 2021

Apache Tomcat: Important: Denial of Service (CVE-2021-42340)

The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
  • apache-tomcat-upgrade-0_0_12
  • apache-tomcat-upgrade-8_5_72
  • apache-tomcat-upgrade-9_0_54

References
  • CVE-2021-42340

