org.apache.tomcat:tomcat-websocket is vulnerable to Denial of Service (DoS). The vulnerability is due to improper cleanup of WebSocket connections during a session timeout. If a client fails to send a close message within the timeout period, the WebSocket connection continues to hold resources, which can result in Denial of Service.
Vendor | Product | Version | CPE |
---|---|---|---|
veracode | tomcat-embed-websocket | * | cpe:2.3:a:veracode:tomcat-embed-websocket:*:*:*:*:*:*:*:* |
veracode | tomcat-websocket | * | cpe:2.3:a:veracode:tomcat-websocket:*:*:*:*:*:*:*:* |
veracode | tomcat9 | sid | cpe:2.3:a:veracode:tomcat9\:sid:9.0.40-1:*:*:*:*:*:*:* |
veracode | tomcat9 | buster | cpe:2.3:a:veracode:tomcat9\:buster:9.0.31-1~deb10u3:*:*:*:*:*:*:* |
veracode | tomcat9 | buster | cpe:2.3:a:veracode:tomcat9\:buster:9.0.31-1~deb10u4:*:*:*:*:*:*:* |
veracode | tomcat9 | buster | cpe:2.3:a:veracode:tomcat9\:buster:9.0.31-1~deb10u2:*:*:*:*:*:*:* |
veracode | tomcat9 | buster | cpe:2.3:a:veracode:tomcat9\:buster:9.0.31-1~deb10u5:*:*:*:*:*:*:* |
veracode | tomcat9 | bullseye | cpe:2.3:a:veracode:tomcat9\:bullseye:9.0.43-1:*:*:*:*:*:*:* |
www.openwall.com/lists/oss-security/2024/03/13/4
github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
lists.debian.org/debian-lts-announce/2024/04/msg00001.html
lists.fedoraproject.org/archives/list/[email protected]/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
lists.fedoraproject.org/archives/list/[email protected]/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
security.netapp.com/advisory/ntap-20240402-0002/
tomcat.apache.org/security-10.html
tomcat.apache.org/security-11.html
tomcat.apache.org/security-8.html
tomcat.apache.org/security-9.html