30 matches found
Photon OS 3.0: Apache PHSA-2021-3.0-0327
An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0327. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-006)
The version of tomcat installed on the remote host is prior to 8.5.72-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-006 advisory. A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections...
SUSE CVE-2021-42340
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was...
Atlassian Jira < 8.13.18 / 8.14.0 < 8.20.6 / 8.21.0 (JRASERVER-73070)
The version of Atlassian Jira installed on the remote host is prior to 8.13.18 / 8.14.0 8.20.6 / 8.21.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73070 advisory. - Denial of service via an OutOfMemoryError Tomcat CVE-2021-42340 CVE-2021-42340 Note that Nessus h...
Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-42340)
Summary IBM Rational Build Forge is affected by CVE-2021-42340. Vulnerability Details CVEID: CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remo...
Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-42340
Summary IBM UrbanCode Build is affected by CVE-2021-42340 Vulnerability Details CVEID: CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote...
Mageia: Security Advisory (MGASA-2021-0485)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: CVE-2021-42340 Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections.
Summary Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:...
Denial of service via an OutOfMemoryError (Tomcat CVE-2021-42340)
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to impact the application's availability via CVE-2021-42340, a Denial of Service DoS vulnerability in Apache Tomcat. The affected versions of Atlassian Jira Server and Data Center are before version 8.21.0...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.0 Security release
Updated Red Hat JBoss Web Server 5.6.0 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.0 Security release
Red Hat JBoss Web Server 5.6.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which giv...
Security Bulletin: Vulnerability in Apache Tomcat (CVE-2021-42340) affects HMC
Summary Apache Tomcat is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a...
[SECURITY] [DSA 5009-1] tomcat9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5009-1 [email protected] https://www.debian.org/security/ Markus Koschany November 12, 2021 https://www.debian.org/security/faq -...
Debian DSA-5009-1 : tomcat9 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5009 advisory. Apache Tomcat, the servlet and JSP engine, did not properly release an HTTP upgrade connection for WebSocket connections once the WebSocket connection was closed. This...
Amazon Linux AMI : tomcat8 (ALAS-2021-1546)
The version of tomcat8 installed on the remote host is prior to 8.5.72-1.89. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1546 advisory. A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once...
OESA-2021-1413 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
Important: tomcat8
Issue Overview: A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The...
Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError
h3. Issue Summary Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError Base Score: 7.5 HIGH bq. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once th...
Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError
h3. Issue Summary Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError Base Score: 7.5 HIGH bq. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once th...
CVE-2021-42340
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was...