org.apache.tomcat: tomcat-websocket is vulnerable to Denial of Service (DoS). The vulnerability is due to improper cleanup of WebSocket connections during a session timeout. If a client fails to send a close message within the timeout period, the websocket connection will continue to hold resources, which can result in Denial of Service.
www.openwall.com/lists/oss-security/2024/03/13/4
github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
lists.debian.org/debian-lts-announce/2024/04/msg00001.html
security.netapp.com/advisory/ntap-20240402-0002/
tomcat.apache.org/security-10.html
tomcat.apache.org/security-11.html
tomcat.apache.org/security-8.html
tomcat.apache.org/security-9.html