Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-41079

Опубликовано: 16 сент. 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 7.5

Описание

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/focal

DNE

focal

DNE

hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

esm-apps/bionic

not-affected

code not present
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/focal

DNE

focal

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

esm-apps/bionic

released

8.5.39-1ubuntu1~18.04.3+esm2
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

code not present
focal

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
bionic

released

9.0.16-3ubuntu0.18.04.2
devel

not-affected

9.0.70-2
esm-apps/bionic

released

9.0.16-3ubuntu0.18.04.2
esm-apps/focal

released

9.0.31-1ubuntu0.2
esm-apps/jammy

not-affected

9.0.53-1
esm-apps/noble

not-affected

9.0.70-1ubuntu1
esm-infra-legacy/trusty

DNE

focal

released

9.0.31-1ubuntu0.2
hirsute

ignored

end of life
impish

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 12%
0.00043
Низкий

4.3 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-41079

CVSS3: 7.5
redhat
почти 4 года назад

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

nvd логотип

CVE-2021-41079

CVSS3: 7.5
nvd
почти 4 года назад

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

debian логотип

CVE-2021-41079

CVSS3: 7.5
debian
почти 4 года назад

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...

github логотип

GHSA-59g9-7gfx-c72p

CVSS3: 7.5
github
почти 4 года назад

Infinite loop in Tomcat due to parsing error

fstec логотип

BDU:2022-02994

CVSS3: 7.5
fstec
почти 4 года назад

Уязвимость сервера приложений Apache Tomcat, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 12%
0.00043
Низкий

4.3 Medium

CVSS2

7.5 High

CVSS3