DebianDEBIAN:DSA-5009-1:0CE0C[SECURITY] [DSA 5009-1] tomcat9 security update
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.019 Low
EPSS
Percentile
88.3%
Debian Security Advisory DSA-5009-1 [email protected]
https://www.debian.org/security/ Markus Koschany
November 12, 2021 https://www.debian.org/security/faq
Package : tomcat9
CVE ID : CVE-2021-42340
Apache Tomcat, the servlet and JSP engine, did not properly release an HTTP
upgrade connection for WebSocket connections once the WebSocket connection was
closed. This created a memory leak that, over time, could lead to a denial of
service via an OutOfMemoryError.
For the stable distribution (bullseye), this problem has been fixed in
version 9.0.43-2~deb11u3.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | libtomcat9-java | <Β 9.0.43-2~deb11u3 | libtomcat9-java_9.0.43-2~deb11u3_all.deb |
| Debian | 11 | all | tomcat9-user | <Β 9.0.43-2~deb11u3 | tomcat9-user_9.0.43-2~deb11u3_all.deb |
| Debian | 11 | all | tomcat9-examples | <Β 9.0.43-2~deb11u3 | tomcat9-examples_9.0.43-2~deb11u3_all.deb |
| Debian | 11 | all | tomcat9-docs | <Β 9.0.43-2~deb11u3 | tomcat9-docs_9.0.43-2~deb11u3_all.deb |
| Debian | 11 | all | tomcat9-admin | <Β 9.0.43-2~deb11u3 | tomcat9-admin_9.0.43-2~deb11u3_all.deb |
| Debian | 11 | all | tomcat9-common | <Β 9.0.43-2~deb11u3 | tomcat9-common_9.0.43-2~deb11u3_all.deb |
| Debian | 11 | all | tomcat9 | <Β 9.0.43-2~deb11u3 | tomcat9_9.0.43-2~deb11u3_all.deb |
| Debian | 11 | all | libtomcat9-embed-java | <Β 9.0.43-2~deb11u3 | libtomcat9-embed-java_9.0.43-2~deb11u3_all.deb |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.019 Low
EPSS
Percentile
88.3%