An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57 https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d