CVE-2021-41079

Updated: 2024-11-30 02:25:07.232803

Description:

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.


Links NIST CIRCL RHEL Ubuntu

Severity

CVSS version      Severity  Score
CVSS Version 2.x  MEDIUM    4.3
CVSS Version 3.x  HIGH      7.5

Status

OS name           Project name  Version   Score  Severity  Status          Errata                Last updated         Statement
Ubuntu 16.04 ELS  tomcat8       8.0.32-1  7.5    HIGH      Not Vulnerable  -                     2024-08-22 17:29:32  -
Ubuntu 16.04 ELS  tomcat7       7.0.68-1  7.5    HIGH      Not Vulnerable  -                     2024-08-22 17:29:33  -
Ubuntu 18.04 ELS  tomcat8       8.5.39-1  7.5    HIGH      Released        CLSA-2023:1687469807  2023-06-22 21:16:27  -
Ubuntu 18.04 ELS  tomcat9       9.0.16-3  7.5    HIGH      Already Fixed   -                     2023-06-02 09:09:42  -