Lucene search

[email protected]NVD:CVE-2021-42340

HistoryOct 14, 2021 - 8:15 p.m.

CVE-2021-42340

2021-10-1420:15:09

CWE-772

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.019 Low

EPSS

Percentile

88.7%

JSON

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Affected configurations

NVD

Node

apachetomcatRange8.5.60–8.5.72

apachetomcatRange9.0.40–9.0.54

apachetomcatRange10.0.1–10.0.12

apachetomcatMatch10.0.0milestone10

apachetomcatMatch10.1.0milestone1

apachetomcatMatch10.1.0milestone2

apachetomcatMatch10.1.0milestone3

apachetomcatMatch10.1.0milestone4

apachetomcatMatch10.1.0milestone5

Node

netapphciMatch-

netappmanagement_services_for_element_softwareMatch-

Node

debiandebian_linuxMatch11.0

Node

oracleagile_engineering_data_managementMatch6.2.1.0

oraclebig_data_spatial_and_graphRange<23.1

oraclecommunications_diameter_signaling_routerRange8.0.0.0–8.5.0.2

oraclehospitality_cruise_shipboard_property_management_systemMatch20.1.0

oraclemanaged_file_transferMatch12.2.1.3.0

oraclemanaged_file_transferMatch12.2.1.4.0

oraclemiddleware_common_libraries_and_toolsMatch12.2.1.4.0

oraclepayment_interfaceMatch19.1

oraclepayment_interfaceMatch20.3

oracleretail_customer_insightsMatch15.0.2

oracleretail_customer_insightsMatch16.0.2

oracleretail_data_extractor_for_merchandisingMatch15.0.2

oracleretail_data_extractor_for_merchandisingMatch16.0.2

oracleretail_eftlinkMatch21.0.0

oracleretail_financial_integrationMatch16.0.1

oracleretail_financial_integrationMatch19.0.0

oracleretail_store_inventory_managementMatch14.0.4.13

oracleretail_store_inventory_managementMatch14.1.3.5

oracleretail_store_inventory_managementMatch14.1.3.14

oracleretail_store_inventory_managementMatch15.0.3.3

oracleretail_store_inventory_managementMatch15.0.3.8

oracleretail_store_inventory_managementMatch16.0.3.7

oraclesd-wan_edgeMatch9.0

oraclesd-wan_edgeMatch9.1

oracletaleo_platform

References

kc.mcafee.com/corporate/index?page=content&id=SB10379

lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E

lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E

security.gentoo.org/glsa/202208-34

security.netapp.com/advisory/ntap-20211104-0001/

www.debian.org/security/2021/dsa-5009

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2022.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.019 Low

EPSS

Percentile

88.7%

JSON

Related for NVD:CVE-2021-42340

nessus17 ibm11 debiancve1 atlassian5 tomcat4 cnvd1 github1 prion1 cisa1 osv4 debian1 kaspersky2 openvas4 cve1 redhatcve1 amazon1 f51 ubuntucve1 cvelist1 veracode1 photon4 redos1 mageia1 redhat4 gentoo1 rosalinux1 oracle3