Apache Tomcat – Denial of service vulnerability [CVE-2021-42340]

October 15, 2021 Duncan 2265 Views 0 Comments Apache, Apache Tomcat, CVE-2021-42340, DoS 0 min read

CVE number – CVE-2021-42340

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat.

An attacker could exploit this vulnerability to cause a denial of service condition.

The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Users of the affected versions should apply one of the following
mitigations:

Upgrade to Apache Tomcat 10.1.0-M6 or later
Upgrade to Apache Tomcat 10.0.12 or later
Upgrade to Apache Tomcat 9.0.54 or later
Upgrade to Apache Tomcat 8.5.72 or later

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Apache Tomcat – Denial of service vulnerability [CVE-2021-42340]

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply