RE: [SECURITY] CVE-2021-42340 Apache Tomcat DoS [EXTERNAL]

2021-12-06 Thread Beard, Shawn
s H. H. Lampert
Sent: Monday, December 6, 2021 1:29 PM
To: Tomcat Users List
Subject: Re: [SECURITY] CVE-2021-42340 Apache Tomcat DoS [EXTERNAL]
** CAUTION: External message
On 10/14/21 7:12 AM, Mark Thomas wrote:
> The fix for bug 63362 introduced a memory leak. The object introduced
> to col

Re: [SECURITY] CVE-2021-42340 Apache Tomcat DoS

2021-12-06 Thread James H. H. Lampert
On 10/14/21 7:12 AM, Mark Thomas wrote:
The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could

[SECURITY] CVE-2021-42340 Apache Tomcat DoS

2021-10-14 Thread Mark Thomas
CVE-2021-42340 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M5
Apache Tomcat 10.0.0-M10 to 10.0.11
Apache Tomcat 9.0.40 to 9.0.53
Apache Tomcat 8.5.60 to 8.5.71
Description: The fix for bug 63362 introduced a

[SECURITY] CVE-2021-42340 Apache Tomcat DoS

2021-10-14 Thread Mark Thomas
CVE-2021-41079 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M5
Apache Tomcat 10.0.0-M10 to 10.0.11
Apache Tomcat 9.0.40 to 9.0.53
Apache Tomcat 8.5.60 to 8.5.71
Description: The fix for bug 63362 introduced a