Related Vulnerabilities: CVE-2021-42340  

Severity: High

Remote: Yes

Type: Denial of service

Description

A security issue has been found in Apache Tomcat before versions 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak: the object added to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. Every WebSocket session opened and closed against an affected server therefore leaves a live object behind, and over time this leak can lead to a denial of service via an OutOfMemoryError. The fixed versions listed above release the metrics object when the connection closes.

Group     Package   Affected   Fixed      Severity  Status
AVG-2471  tomcat8   8.5.71-1   8.5.72-1   High      Fixed
AVG-2470  tomcat9   9.0.53-1   9.0.54-1   High      Fixed
AVG-2469  tomcat10  10.0.11-1  10.0.12-1  High      Fixed
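The check a practitioner wants from this entry is whether a given Tomcat version falls below the fixed release for its branch. The script below is an added example and is not part of the Arch security tracker or of Tomcat itself; it assumes plain dotted numeric versions (an Arch package release suffix such as "-1" is stripped first) and encodes only the three fixed versions the advisory names, reporting any other branch as unknown rather than guessing. The function and helper names are the example's own.

```shell
#!/bin/sh
# Added example (not from the Arch tracker or Tomcat): classify a Tomcat
# version against the CVE-2021-42340 fixed releases 8.5.72, 9.0.54, 10.0.12.

# vercmp A B: numerically compare dotted versions, printing -1, 0 or 1.
# Missing trailing components are treated as 0 (so 9.0 == 9.0.0).
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    : "${ai:=0}" "${bi:=0}"
    if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
    if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  printf '%s\n' 0
}

# tomcat_cve_2021_42340_status VERSION: prints "affected", "fixed" or
# "unknown". VERSION may carry a pacman release suffix, e.g. "9.0.53-1".
tomcat_cve_2021_42340_status() {
  ver=${1%%-*}            # drop "-1" style package release suffix
  branch=${ver%.*}        # "8.5.71" -> "8.5", "10.0.11" -> "10.0"
  case $branch in
    8.5)  fixed=8.5.72 ;;
    9.0)  fixed=9.0.54 ;;
    10.0) fixed=10.0.12 ;;
    *)    printf '%s\n' unknown; return 0 ;;   # branch not covered by the advisory
  esac
  if [ "$(vercmp "$ver" "$fixed")" -lt 0 ]; then
    printf '%s\n' affected
  else
    printf '%s\n' fixed
  fi
}

# check_installed PKG: query pacman for an installed tomcat package, if pacman
# is available on this host, and classify its version.
check_installed() {
  pkg="$1"
  if ! command -v pacman >/dev/null 2>&1; then
    printf '%s: pacman not available\n' "$pkg"; return 0
  fi
  ver=$(pacman -Q "$pkg" 2>/dev/null | awk '{print $2}')
  if [ -z "$ver" ]; then
    printf '%s: not installed\n' "$pkg"; return 0
  fi
  printf '%s %s: %s\n' "$pkg" "$ver" "$(tomcat_cve_2021_42340_status "$ver")"
}

# Constructed sample inputs: the affected and fixed versions from the table
# above, plus a branch the advisory does not mention.
for v in 8.5.71-1 8.5.72-1 9.0.53-1 9.0.54-1 10.0.11-1 10.0.12-1 7.0.109; do
  printf '%-10s %s\n' "$v" "$(tomcat_cve_2021_42340_status "$v")"
done
```

On an Arch host, `check_installed tomcat9` (and likewise tomcat8, tomcat10) reports the installed package version and its status; the loop at the end shows the classification on the versions from the table without needing pacman.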

References

https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E
https://bz.apache.org/bugzilla/show_bug.cgi?id=63362