Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-42340

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: 5 | VMScore: 850 | EPSS: 0.04126 | KEV: Not Included
Published: 14/10/2021 Updated: 21/11/2024

Vulnerability Summary

A security issue has been found in Apache Tomcat prior to 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat

apache tomcat 10.0.0

apache tomcat 10.1.0

netapp hci -

netapp management services for element software -

debian debian linux 11.0

oracle agile engineering data management 6.2.1.0

oracle big data spatial and graph

oracle communications diameter signaling router

oracle hospitality cruise shipboard property management system 20.1.0

oracle managed file transfer 12.2.1.3.0

oracle managed file transfer 12.2.1.4.0

oracle middleware common libraries and tools 12.2.1.4.0

oracle payment interface 19.1

oracle payment interface 20.3

oracle retail customer insights 15.0.2

oracle retail customer insights 16.0.2

oracle retail data extractor for merchandising 15.0.2

oracle retail data extractor for merchandising 16.0.2

oracle retail eftlink 21.0.0

oracle retail financial integration 16.0.1

oracle retail financial integration 19.0.0

oracle retail store inventory management 14.0.4.13

oracle retail store inventory management 14.1.3.5

oracle retail store inventory management 14.1.3.14

oracle retail store inventory management 15.0.3.3

oracle retail store inventory management 15.0.3.8

oracle retail store inventory management 16.0.3.7

oracle sd-wan edge 9.0

oracle sd-wan edge 9.1

oracle taleo platform

Vendor Advisories

Debian Security Advisories: DSA-5009-1 tomcat9 -- security update
Apache Tomcat, the servlet and JSP engine, did not properly release an HTTP upgrade connection for WebSocket connections once the WebSocket connection was closed This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError For the stable distribution (bullseye), this problem has been fixed in version 904 ...
Red Hat: Important: Red Hat support for Spring Boot 2.5.10 update
Synopsis Important: Red Hat support for Spring Boot 2510 update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Red Hat: Important: Red Hat Fuse 7.11.0 release and security update
Synopsis Important: Red Hat Fuse 7110 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 710 to 711) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update ...
Amazon Linux AMI: ALAS-2021-1546
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service The highest threat from this vulnerability is to system availability (CVE-2 ...
Amazon Linux 2: ALASTOMCAT9-2023-006
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service The highest threat from this vulnerability is to system availability (CVE-2 ...
Amazon Linux 2: ALASTOMCAT8.5-2023-006
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service The highest threat from this vulnerability is to system availability (CVE-2 ...
Red Hat: CVE-2021-42340
No description is available for this CVE ...
Arch Linux Issues:
A security issue has been found in Apache Tomcat before versions 10012, 9054 and 8572 The fix for bug 63362 introduced a memory leak The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed This created a memory leak that, over time, could lea ...

Mailing Lists

Full Disclosure: CVE-2021-42340: Apache Tomcat: DoS via memory leak with WebSocket connections
References: listsapacheorg/threadhtml/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannouncetomcatapacheorg%3E ...

References

CWE-772CWE-772https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-5009https://www.first.org/epsshttps://security.archlinux.org/CVE-2021-42340https://kc.mcafee.com/corporate/index?page=content&id=SB10379https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3Ehttps://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3Ehttps://security.gentoo.org/glsa/202208-34https://security.netapp.com/advisory/ntap-20211104-0001/https://www.debian.org/security/2021/dsa-5009https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://kc.mcafee.com/corporate/index?page=content&id=SB10379https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3Ehttps://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3Ehttps://security.gentoo.org/glsa/202208-34https://security.netapp.com/advisory/ntap-20211104-0001/https://www.debian.org/security/2021/dsa-5009https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
local file inclusiondcmtkCVE-2025-24813CVE-2023-52315directory listings wordpress plugin – ulistingCVE-2025-2348IDORCVE-2024-12336vamCVE-2025-24856wirelesswordpress form builder plugin for contact forms, surveys and quizzes – tripettoCVE-2024-55591
Home
/
Search Results
/
CVE-2021-42340
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook