CVE-2021-41079

Improper Input Validation in maven/org.apache.tomcat/tomcat

Identifier

CVE-2021-41079

Package Slug

maven/org.apache.tomcat/tomcat

Vulnerability

Improper Input Validation

Description

Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Affected Versions

All versions starting from 8.5.0 before 8.5.64, all versions starting from 9.0.0 before 9.0.44, all versions starting from 10.0.0 up to 10.0.2

Solution

Upgrade to versions 8.5.64, 9.0.44, 10.0.4 or above.

Last Modified

2021-09-30