CVE-2021-30639

Improper Handling of Exceptional Conditions in maven/tomcat/jasper-runtime

Identifier

CVE-2021-30639

Package Slug

maven/tomcat/jasper-runtime

Vulnerability

Improper Handling of Exceptional Conditions

Description

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability.

Affected Versions

Version 8.5.64, version 9.0.44, all versions starting from 10.0.3 up to 10.0.4

Solution

Upgrade to version 8.5.65, 9.0.45, 10.0.5 or above.

Last Modified

2021-07-17

source