CVSS: 7.5EPSS: 2%CPEs: 37EXPL: 0CVE-2021-42340 – DoS via memory leak with WebSocket connections
https://notcve.org/view.php?id=CVE-2021-42340
14 Oct 2021 — The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. La corrección del bug 63362 presente en Apache Tomcat versiones 10.1.0-M1 hasta 10.1.0-M5, versiones 10.0.0... • https://kc.mcafee.com/corporate/index?page=content&id=SB10379 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-41079 – Apache Tomcat DoS with unexpected TLS packet
https://notcve.org/view.php?id=CVE-2021-41079
16 Sep 2021 — Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. Apache Tomcat versiones 8.5.0 hasta 8.5.63, versiones 9.0.0-M1 hasta 9.0.43 y versiones 10.0.0-M1 hasta 10.0.2, no comprueban apropiadamente los paquetes TLS entrantes. Cuando Tomcat estaba configurado para usar NIO+... • https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a%40%3Cusers.tomcat.apache.org%3E • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 4%CPEs: 42EXPL: 0CVE-2021-33037 – Incorrect Transfer-Encoding handling with HTTP/1.0
https://notcve.org/view.php?id=CVE-2021-33037
12 Jul 2021 — Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10366 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-30640 – Auth weakness in JNDIRealm
https://notcve.org/view.php?id=CVE-2021-30640
12 Jul 2021 — A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. Una vulnerabilidad en el ámbito JNDI de Apache Tomcat permite a un atacante autenticarse usando variaciones de un nombre de usuario válido y/o omitir parte de la protección proporcionada por el ámbito LockOut. Este problema af... • https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E • CWE-116: Improper Encoding or Escaping of Output CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-30639 – DoS after non-blocking IO error
https://notcve.org/view.php?id=CVE-2021-30639
12 Jul 2021 — A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility o... • https://kc.mcafee.com/corporate/index?page=content&id=SB10366 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 2%CPEs: 55EXPL: 0CVE-2021-25122 – Apache Tomcat h2c request mix-up
https://notcve.org/view.php?id=CVE-2021-25122
01 Mar 2021 — When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. Cuando se responde a nuevas peticiones de conexión h2c, Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0, versiones 9.0.0.M1 hasta 9.0.41 y versiones 8.5.0 hasta 8.5.61, podrían duplicar los encabezados de petici... • http://www.openwall.com/lists/oss-security/2021/03/01/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 4%CPEs: 60EXPL: 0CVE-2021-25329 – Incomplete fix for CVE-2020-9484
https://notcve.org/view.php?id=CVE-2021-25329
01 Mar 2021 — The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. La corrección para el CVE-2020-9484 estaba incompleta. Cuando se usa Apache To... • http://www.openwall.com/lists/oss-security/2021/03/01/2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 59%CPEs: 42EXPL: 0CVE-2021-24122 – Apache Tomcat information disclosure
https://notcve.org/view.php?id=CVE-2021-24122
14 Jan 2021 — When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances. Cuando se sirven recursos desde una ubicación de red usando el si... • http://www.openwall.com/lists/oss-security/2021/01/14/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.5EPSS: 11%CPEs: 55EXPL: 1CVE-2020-17527 – Apache Tomcat: Request header mix-up between HTTP/2 streams
https://notcve.org/view.php?id=CVE-2020-17527
03 Dec 2020 — While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. Al investigar el error 64830, se detectó que Apache Tomcat versiones 10.0.0-M1... • https://github.com/forse01/CVE-2020-17527-Tomcat • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 11%CPEs: 131EXPL: 0CVE-2020-13943 – tomcat: Apache Tomcat HTTP/2 Request mix-up
https://notcve.org/view.php?id=CVE-2020-13943
12 Oct 2020 — If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. Si un cliente HTTP/2 conectado a A... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •