Описание
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tomcat10 | fixed | 10.1.34-1 | package | |
| tomcat9 | fixed | 9.0.70-2 | package | |
| tomcat9 | ignored | bullseye | package |
Примечания
Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4 (10.1.34)
https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1 (10.1.34)
https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585 (10.1.34)
https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444 (10.1.34)
https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb (10.1.34)
https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd (10.1.34)
https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66 (10.1.34)
https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd (9.0.98)
https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c (9.0.98)
https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654 (9.0.98)
https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d (9.0.98)
https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044 (9.0.98)
https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc (9.0.98)
https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a (9.0.98)
https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e (9.0.98)
https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533 (9.0.98)
EPSS
Связанные уязвимости
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Apache Tomcat Uncontrolled Resource Consumption vulnerability
Уязвимость сервера приложений Apache Tomcat, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS