Описание
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.
This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.
Users are recommended to upgrade to version 9.0.107, which fixes the issue.
A denial of service flaw was found in Apache Tomcat. A race condition during connection closure could trigger a JVM crash when using the APR/Native connector, leading to a denial of service. This issue was particularly noticeable with client-initiated closures of HTTP/2 connections.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | tomcat | Fix deferred | ||
| Red Hat Enterprise Linux 10 | tomcat9 | Fix deferred | ||
| Red Hat Enterprise Linux 6 | tomcat6 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | tomcat | Fix deferred | ||
| Red Hat Enterprise Linux 8 | pki-deps:10.6/pki-servlet-engine | Fix deferred | ||
| Red Hat Enterprise Linux 8 | tomcat | Fix deferred | ||
| Red Hat Enterprise Linux 9 | pki-servlet-engine | Fix deferred | ||
| Red Hat Enterprise Linux 9 | tomcat | Fix deferred | ||
| Red Hat JBoss Web Server 5.8.5 | jws5-tomcat | Fixed | RHSA-2025:11696 | 28.07.2025 |
| Red Hat JBoss Web Server 5.8 on RHEL 7 | jws5-tomcat | Fixed | RHSA-2025:11695 | 28.07.2025 |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue.
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue.
Concurrent Execution using Shared Resource with Improper Synchronizati ...
Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
Уязвимость сервера приложений Apache Tomcat, связанная с ошибками синхронизации при использовании общего ресурса («Ситуация гонки»), позволяющая нарушителю вызвать отказ в обслуживании
5.3 Medium
CVSS3