GHSA-44qp-qhfv-c7f6

Source

https://github.com/advisories/GHSA-44qp-qhfv-c7f6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-44qp-qhfv-c7f6/GHSA-44qp-qhfv-c7f6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-44qp-qhfv-c7f6

Aliases

BIT-tomcat-2021-30639
CVE-2021-30639

Published

2021-08-13T15:21:02Z

Modified

2024-02-19T05:32:15.919393Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Improper Handling of Exceptional Conditions in Apache Tomcat

Details

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.

Database specific

{
    "nvd_published_at": "2021-07-12T15:15:00Z",
    "cwe_ids": [
        "CWE-755"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-13T20:59:46Z"
}

References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.0.3

Fixed

10.0.5

Affected versions

10.*

10.0.4

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0

Fixed

9.0.45

Affected versions

9.*

9.0.1

9.0.2

9.0.4

9.0.5

9.0.6

9.0.7

9.0.8

9.0.10

9.0.11

9.0.12

9.0.13

9.0.14

9.0.16

9.0.17

9.0.19

9.0.20

9.0.21

9.0.22

9.0.24

9.0.26

9.0.27

9.0.29

9.0.30

9.0.31

9.0.33

9.0.34

9.0.35

9.0.36

9.0.37

9.0.38

9.0.39

9.0.40

9.0.41

9.0.43

9.0.44

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.5.65

Affected versions

7.*

7.0.35

7.0.37

7.0.39

7.0.40

7.0.41

7.0.42

7.0.47

7.0.50

7.0.52

7.0.53

7.0.54

7.0.55

7.0.56

7.0.57

7.0.59

7.0.61

7.0.62

7.0.63

7.0.64

7.0.65

7.0.67

7.0.68

7.0.69

7.0.70

7.0.72

7.0.73

7.0.75

7.0.76

7.0.77

7.0.78

7.0.79

7.0.81

7.0.82

7.0.84

7.0.85

7.0.86

7.0.88

7.0.90

7.0.91

7.0.92

7.0.93

7.0.94

7.0.96

7.0.99

7.0.100

7.0.103

7.0.104

7.0.105

7.0.106

7.0.107

7.0.108

7.0.109

8.*

8.0.0-RC1

8.0.0-RC3

8.0.0-RC5

8.0.0-RC10

8.0.1

8.0.3

8.0.5

8.0.8

8.0.9

8.0.11

8.0.12

8.0.14

8.0.15

8.0.17

8.0.18

8.0.20

8.0.21

8.0.22

8.0.23

8.0.24

8.0.26

8.0.27

8.0.28

8.0.29

8.0.30

8.0.32

8.0.33

8.0.35

8.0.36

8.0.37

8.0.38

8.0.39

8.0.41

8.0.42

8.0.43

8.0.44

8.0.45

8.0.46

8.0.47

8.0.48

8.0.49

8.0.50

8.0.51

8.0.52

8.0.53

8.5.0

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.8

8.5.9

8.5.11

8.5.12

8.5.13

8.5.14

8.5.15

8.5.16

8.5.19

8.5.20

8.5.21

8.5.23

8.5.24

8.5.27

8.5.28

8.5.29

8.5.30

8.5.31

8.5.32

8.5.33

8.5.34

8.5.35

8.5.37

8.5.38

8.5.39

8.5.40

8.5.41

8.5.42

8.5.43

8.5.45

8.5.46

8.5.47

8.5.49

8.5.50

8.5.51

8.5.53

8.5.54

8.5.55

8.5.56

8.5.57

8.5.58

8.5.59

8.5.60

8.5.61

8.5.63

8.5.64