Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Apache Tomcat DoS Vulnerability (Oct 2021) - Linux

Information

Severity

Severity

Medium

Family

Family

Web Servers

CVSSv2 Base

CVSSv2 Base

4.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

2 years ago

Modified

Modified

2 years ago

Summary

Apache Tomcat is prone to a denial of service (DoS) vulnerability.

Insight

Insight

The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Affected Software

Affected Software

Apache Tomcat 8.5.60 through 8.5.71, 9.0.40 through 9.0.53, 10.0.0-M10 through 10.0.11 and 10.1.0-M1 through 10.1.0-M5.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 8.5.72, 9.0.54, 10.0.12, 10.1.0-M6 or later.

Common Vulnerabilities and Exposures (CVE)