Updated: 2024-06-03 17:19:31.543843
Description:
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
Links | NIST | CIRCL | RHEL | Ubuntu |
 | Severity | Score |
---|---|---|
CVSS Version 2.x | NONE | 0 |
CVSS Version 3.x | HIGH | 7.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 7 ELS | tomcat | 7.0.76 | 7.5 | HIGH | Ignored | | 2024-06-03 17:19:31 | We have reasoned not to port the fix for this vulnerability since the upstream didn't patch tomcat7 ... |
Ubuntu 18.04 ELS | tomcat8 | 8.5.39-1 | 7.5 | HIGH | Released | CLSA-2024:1732701424 | 2024-11-27 11:55:16 | We have reasoned not to port the fix for this vulnerability since the upstream didn't patch tomcat7 ... |
Ubuntu 18.04 ELS | tomcat9 | 9.0.16-3 | 7.5 | HIGH | Released | CLSA-2024:1732637149 | 2024-11-26 11:56:40 | We have reasoned not to port the fix for this vulnerability since the upstream didn't patch tomcat7 ... |