vulnerability

FreeBSD: VID-CC7C85D9-F30A-11EB-B12B-FC4DD43E2B6A (CVE-2021-30639): tomcat -- Remote Denial of Service in multiple versions

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	03/24/2021	11/04/2022	11/04/2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

03/24/2021

Added

11/04/2022

Modified

11/04/2022

Description

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.

Solution(s)

freebsd-upgrade-package-tomcat10freebsd-upgrade-package-tomcat85freebsd-upgrade-package-tomcat9

References

NVD-CVE-2021-30639

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today