A security issue has been found in Apache Tomcat prior to 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache tomcat 10.0.0 |
||
apache tomcat 10.1.0 |
||
apache tomcat |
||
netapp hci - |
||
netapp management services for element software - |
||
debian debian linux 11.0 |
||
oracle managed file transfer 12.2.1.3.0 |
||
oracle sd-wan edge 9.0 |
||
oracle agile engineering data management 6.2.1.0 |
||
oracle managed file transfer 12.2.1.4.0 |
||
oracle hospitality cruise shipboard property management system 20.1.0 |
||
oracle sd-wan edge 9.1 |
||
oracle communications diameter signaling router |
||
oracle big data spatial and graph |
||
oracle middleware common libraries and tools 12.2.1.4.0 |
||
oracle retail customer insights 15.0.2 |
||
oracle retail customer insights 16.0.2 |
||
oracle taleo platform |
||
oracle payment interface 20.3 |
||
oracle payment interface 19.1 |
||
oracle retail eftlink 21.0.0 |
||
oracle retail data extractor for merchandising 16.0.2 |
||
oracle retail data extractor for merchandising 15.0.2 |
||
oracle retail financial integration 19.0.0 |
||
oracle retail financial integration 16.0.1 |
||
oracle retail store inventory management 14.1.3.5 |
||
oracle retail store inventory management 14.1.3.14 |
||
oracle retail store inventory management 15.0.3.3 |
||
oracle retail store inventory management 15.0.3.8 |
||
oracle retail store inventory management 16.0.3.7 |
||
oracle retail store inventory management 14.0.4.13 |
Vulmon