V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsDocs
Back to catalog
CVE-2021-42340
DEB
High

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduc…

CVSS
7.5
High
EPSS
0.04
p89
Published
2021-01-01
Updated
2021-01-01
Description

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Tags · CWE
Pre-auth
CWE-772
CAPEC-469
Affected products
Jws5-tomcatJws5-tomcatJws5-tomcat-nativeJws5-tomcat-nativeJws5-tomcat-vaultJws5-tomcat-vaultPki-servlet-engineTomcatTomcat-admin-webappsTomcat-docs-webappTomcat-el-3.0-apiTomcat-jsp-2.3-apiTomcat-libTomcat-servlet-4.0-apiTomcat-webappsTomcat8Tomcat8Tomcat8Tomcat8Tomcat8
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
2021-01-01
Published
2021-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: N
None (N)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.043 · p89
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-469 · CWE-772
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected software
ProductVendorStatus
jws5-tomcatTracked
jws5-tomcatTracked
jws5-tomcat-nativeTracked
jws5-tomcat-nativeTracked
jws5-tomcat-vaultTracked
jws5-tomcat-vaultTracked
pki-servlet-engineTracked
tomcatTracked
tomcat-admin-webappsTracked
tomcat-docs-webappTracked
tomcat-el-3.0-apiTracked
tomcat-jsp-2.3-apiTracked
tomcat-libTracked
tomcat-servlet-4.0-apiTracked
tomcat-webappsTracked
tomcat8Tracked
tomcat8Tracked
tomcat8Tracked
tomcat8Tracked
tomcat8Tracked
Source databases
DEB
CVE
RED
UBU
Related vulnerabilities
BDU:2021-06115