QwikSec

Security Database

CVE

CWE

Training

CVE-2021-41079

Published: Sep 16, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Vendor	Product	Versions
Apache Software Foundation	Apache Tomcat	affected `Apache Tomcat 8.5 8.5.0 to 8.5.63` affected `Apache Tomcat 9 9.0.0-M1 to 9.0.43` affected `Apache Tomcat 10 10.0.0-M1 to 10.0.2`

Weaknesses (CWE)

References

https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E

x_refsource_MISC

[debian-lts-announce] 20210922 [SECURITY] [DLA 2764-1] tomcat8 security update

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20211008-0005/

x_refsource_CONFIRM

[tomcat-dev] 20211014 [SECURITY] CVE-2021-42340 Apache Tomcat DoS

mailing-list

x_refsource_MLIST

[tomcat-users] 20211014 [SECURITY] CVE-2021-42340 Apache Tomcat DoS

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2021-41079 - Security Vulnerability | QwikSec