CVE-2021-42340 | Apache Tomcat Memory Leaks (Denial Of Service)

King · Oct 27, 2021

Vulnerability Details : CVE-2021-42340

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
Publish Date : 2021-10-14 Last Update Date : 2021-10-21

Collapse All Expand All Select Select&Copy	Scroll To	Comments	External Links
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	5.0
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very...

CVE-2021-42340 | Apache Tomcat Memory Leaks (Denial Of Service)

King

Administrator

Vulnerability Details : CVE-2021-42340​

- CVSS Scores & Vulnerability Types​

Privacy & Transparency

Privacy & Transparency

Vulnerability Details : CVE-2021-42340

- CVSS Scores & Vulnerability Types