CVE-2021-42340

Published: 14/10/2021 Updated: 12/11/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A security issue has been found in Apache Tomcat prior to 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.


Vulnerable Product

apache tomcat

apache tomcat 10.0.0

apache tomcat 10.1.0

netapp management services for element software and netapp hci -

Vendor Advisories

Apache Tomcat, the servlet and JSP engine, did not properly release an HTTP upgrade connection for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. For the stable distribution (bullseye), this problem has been fixed in version 904 ...
No description is available for this CVE ...
A security issue has been found in Apache Tomcat before versions 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lea ...

Github Repositories

Awesome WebSockets Security: A collection of CVEs, research, and reference materials related to WebSocket security. Contents: WebSocket Library Vulnerabilities, Conference Talks, Common WebSocket Weaknesses, WebSocket Security Tools, Bug Bounty Writeups, Useful blog posts. WebSocket Library Vulnerabilities: This list of vulnerabilities attempts to capture WebSocket CVEs and related