CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.2 High
Confidence: High

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.007 Low
Percentile: 79.9%

Important: Denial of Service CVE-2021-41079
When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
This was fixed with commit d4b340fa.
This issue was first reported to the Apache Tomcat Security Team by Thomas Wozenilek on 26 February 2021 but could not be confirmed. A speculative fix was applied on 3 March 2021. On 14 September 2021 David Frankson of Infinite Campus independently reported the issue and included a test case. This allowed both the issue and the speculative fix to be verified. The issue was made public on 15 September 2021.
Affects: 9.0.0-M1 to 9.0.43
Important: Information Disclosure CVE-2024-21733
Incomplete POST requests triggered an error response that could contain data from a previous request from another user.
This was fixed with commit 86ccc439.
This issue was reported to the Apache Tomcat Security Team by xer0dayz from Sn1perSecurity LLC on 20 December 2023. The issue was made public on 19 January 2024.
Affects: 9.0.0-M11 to 9.0.43
CPE | Name | Operator | Version |
---|---|---|---|
 | apache tomcat | ge | 9.0.0-M1 |
 | apache tomcat | ge | 9.0.0-M11 |
 | apache tomcat | le | 9.0.43 |
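
The two "Affects" ranges above differ only in their milestone lower bound, so a plain string or three-part numeric comparison gets them wrong. The following is an added example (not part of the advisory or of Tomcat) that checks a version string against both ranges; the function names are hypothetical, and accepting `.M` as well as `-M` as the milestone separator is an assumption about how a build reports itself.

```python
import re

# Inclusive affected ranges, copied from the advisory text above.
AFFECTED = {
    "CVE-2021-41079": ("9.0.0-M1", "9.0.43"),
    "CVE-2024-21733": ("9.0.0-M11", "9.0.43"),
}

# major.minor.patch with an optional milestone suffix (-M<n> or .M<n>).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?")


def parse_version(text):
    """Return a sortable tuple for a Tomcat version found in `text`.

    Milestones sort numerically and before the final release of the
    same number: 9.0.0-M1 < 9.0.0-M11 < 9.0.0 < 9.0.1.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch, milestone = m.groups()
    # (0, n) for milestone n, (1, 0) for a final release.
    rank = (1, 0) if milestone is None else (0, int(milestone))
    return (int(major), int(minor), int(patch)) + rank


def affected_cves(version_text):
    """List the CVEs on this page whose range contains the version.

    A version match for CVE-2021-41079 is not exposure by itself: the
    advisory applies only when the connector uses NIO+OpenSSL or
    NIO2+OpenSSL for TLS, which this function does not inspect.
    """
    v = parse_version(version_text)
    return sorted(
        cve
        for cve, (low, high) in AFFECTED.items()
        if parse_version(low) <= v <= parse_version(high)
    )


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for sample in ("9.0.0-M5", "Apache Tomcat/9.0.0.M11", "9.0.43", "9.0.44"):
        print(f"{sample:28} -> {affected_cves(sample) or 'not in listed ranges'}")
```
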