Source: veracode (Veracode Vulnerability Database), ID: VERACODE:45873
History: Mar 15, 2024 - 6:11 a.m.

Denial Of Service (DoS)

2024-03-15 06:11:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
denial of service
vulnerability
tomcat
websocket
improper cleanup

AI Score: 6.5 (Confidence: High)

EPSS: 0 (Percentile: 10.4%)

org.apache.tomcat:tomcat-websocket is vulnerable to Denial of Service (DoS). The vulnerability is due to improper cleanup of WebSocket connections during a session timeout. If a client fails to send a close message within the timeout period, the WebSocket connection continues to hold resources, which can result in Denial of Service.

Affected configurations

Vulners
Node
veracode  tomcat-embed-websocket  Range  8.5.98      8.5.98
OR
veracode  tomcat-embed-websocket  Range  9.0.85      9.0.85
OR
veracode  tomcat-embed-websocket  Range  10.1.18     10.1.18
OR
veracode  tomcat-embed-websocket  Range  11.0.0-M16  11.0.0-M16
OR
veracode  tomcat-websocket        Range  11.0.0-M16  11.0.0-M16
OR
veracode  tomcat-websocket        Range  10.1.18     10.1.18
OR
veracode  tomcat-websocket        Range  9.0.85      9.0.85
OR
veracode  tomcat-websocket        Range  8.5.98      8.5.98
OR
veracode  tomcat9\                Match  sid         9.0.40-1
OR
veracode  tomcat9\                Match  buster      9.0.31-1~deb10u3
OR
veracode  tomcat9\                Match  buster      9.0.31-1~deb10u4
OR
veracode  tomcat9\                Match  buster      9.0.31-1~deb10u2
OR
veracode  tomcat9\                Match  buster      9.0.31-1~deb10u5
OR
veracode  tomcat9\                Match  bullseye    9.0.43-1

Vendor    Product                 Version   CPE
veracode  tomcat-embed-websocket  *         cpe:2.3:a:veracode:tomcat-embed-websocket:*:*:*:*:*:*:*:*
veracode  tomcat-websocket        *         cpe:2.3:a:veracode:tomcat-websocket:*:*:*:*:*:*:*:*
veracode  tomcat9\                sid       cpe:2.3:a:veracode:tomcat9\:sid:9.0.40-1:*:*:*:*:*:*:*
veracode  tomcat9\                buster    cpe:2.3:a:veracode:tomcat9\:buster:9.0.31-1~deb10u3:*:*:*:*:*:*:*
veracode  tomcat9\                buster    cpe:2.3:a:veracode:tomcat9\:buster:9.0.31-1~deb10u4:*:*:*:*:*:*:*
veracode  tomcat9\                buster    cpe:2.3:a:veracode:tomcat9\:buster:9.0.31-1~deb10u2:*:*:*:*:*:*:*
veracode  tomcat9\                buster    cpe:2.3:a:veracode:tomcat9\:buster:9.0.31-1~deb10u5:*:*:*:*:*:*:*
veracode  tomcat9\                bullseye  cpe:2.3:a:veracode:tomcat9\:bullseye:9.0.43-1:*:*:*:*:*:*:*