Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2021-41079

UNKNOWN

Published 2021-09-16T14:40:25

Actions:

No CVSS data available

Description

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Tomcat

Affected Versions:

Apache Tomcat 8.5 8.5.0 to 8.5.63 Apache Tomcat 9 9.0.0-M1 to 9.0.43 Apache Tomcat 10 10.0.0-M1 to 10.0.2

References

https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html

https://security.netapp.com/advisory/ntap-20211008-0005/

https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a%40%3Cusers.tomcat.apache.org%3E

https://www.debian.org/security/2021/dsa-4986

Published: 2021-09-16T14:40:25

Last Modified: 2024-08-04T02:59:31.226Z

Copied to clipboard!