CVE-2021-42340 (GCVE-0-2021-42340)
Vulnerability from cvelistv5 – Published: 2021-10-14 19:55 – Updated: 2024-08-04 03:30
CWE-772 - Missing Release of Resource after Effective Lifetime
| URL | Tags |
|---|---|
| https://lists.apache.org/thread.html/r83a35be60f0… | x_refsource_MISC |
| https://lists.apache.org/thread.html/r8097a2d1550… | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-5009 | vendor-advisory, x_refsource_DEBIAN |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021110… | x_refsource_CONFIRM |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
| https://security.gentoo.org/glsa/202208-34 | vendor-advisory, x_refsource_GENTOO |
| Vendor | Product | Version | |
|---|---|---|---|
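| Apache Software Foundation | Apache Tomcat | Affected: Apache Tomcat 10 10.0.0-M10 to 10.0.11; Affected: Apache Tomcat 10 10.1.0-M1 to 10.1.0-M5; Affected: Apache Tomcat 9 9.0.40 to 9.0.53; Affected: Apache Tomcat 8 8.5.60 to 8.5.71 | |

Note: the affected-version entry for the 10.0.x line starts at 10.0.0-M10, while the description text in the same record gives that range as 10.0.0-M1 to 10.0.11. The NVD match criteria embedded in this record list 10.0.0 milestone10 and 10.0.1 up to (excluding) 10.0.12, so confirm the lower bound against the vendor announcement before using it for exposure checks.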
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "DSA-5009",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202208-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Tomcat 10 10.0.0-M10 to 10.0.11"
},
{
"status": "affected",
"version": "Apache Tomcat 10 10.1.0-M1 to 10.1.0-M5"
},
{
"status": "affected",
"version": "Apache Tomcat 9 9.0.40 to 9.0.53"
},
{
"status": "affected",
"version": "Apache Tomcat 8 8.5.60 to 8.5.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T04:07:37.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "DSA-5009",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202208-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-34"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DoS via memory leak with WebSocket connections",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-42340",
"STATE": "PUBLIC",
"TITLE": "DoS via memory leak with WebSocket connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Apache Tomcat 10",
"version_value": "10.0.0-M10 to 10.0.11"
},
{
"version_affected": "=",
"version_name": "Apache Tomcat 10",
"version_value": "10.1.0-M1 to 10.1.0-M5"
},
{
"version_affected": "=",
"version_name": "Apache Tomcat 9",
"version_value": "9.0.40 to 9.0.53"
},
{
"version_affected": "=",
"version_name": "Apache Tomcat 8",
"version_value": "8.5.60 to 8.5.71"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "DSA-5009",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5009"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202208-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-34"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-42340",
"datePublished": "2021-10-14T19:55:14.000Z",
"dateReserved": "2021-10-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:30:38.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-42340",
"date": "2026-06-04",
"epss": "0.04282",
"percentile": "0.89036"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-42340\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-10-14T20:15:09.060\",\"lastModified\":\"2024-11-21T06:27:38.363\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\"},{\"lang\":\"es\",\"value\":\"La correcci\u00f3n del bug 63362 presente en Apache Tomcat versiones 10.1.0-M1 hasta 10.1.0-M5, versiones 10.0.0-M1 hasta 10.0.11, versiones 9.0.40 hasta 9.0.53 y versiones 8.5.60 hasta 8.5.71, introduc\u00eda una p\u00e9rdida de memoria. El objeto introducido para recopilar m\u00e9tricas para las conexiones de actualizaci\u00f3n HTTP no se liberaba para las conexiones WebSocket una vez que se cerraba la conexi\u00f3n. 
Esto creaba una p\u00e9rdida de memoria que, con el tiempo, pod\u00eda conllevar a una denegaci\u00f3n de servicio por medio de un OutOfMemoryError\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-772\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-772\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.60\",\"versionEndExcluding\":\"8.5.72\",\"matchCriteriaId\":\"890E6FBC-FCC5-44B0-8CE8-AD7E8F0A1BFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.40\",\"versionEndExcluding\":\"9.0.54\",\"matchCriteriaId\":\"654BD045-868C-4DC0-B36C-824C0F4C41CD\"},
{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.1\",\"versionEndExcluding\":\"10.0.12\",\"matchCriteriaId\":\"1C639222-18E7-4BDC-A53A-684F63C42991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B9FF07-1B93-4F8C-AC56-7CA74E61B724\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D402B5D-5901-43EB-8E6A-ECBD512CE367\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9846609D-51FC-4CDD-97B3-8C6E07108F14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E321FB4-0B0C-497A-BB75-909D888C93CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB9D150-EED6-4AE9-BCBE-48932E50035E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6E548F-62E9-40CB-85DA-FDAA0F0096C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86B51137-28D9-41F2-AFA2-3CC22B4954D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64\"},{\"vulnerable\":true,\"cr
iteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.1\",\"matchCriteriaId\":\"384DEDD9-CB26-4306-99D8-83068A9B23ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0\",\"versionEndIncluding\":\"8.5.0.2\",\"matchCriteriaId\":\"590ADE5F-0D0F-4576-8BA6-828758823442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05F5B430-8BA1-4865-93B5-0DE89F424B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E3E923-E2AD-400D-A618-26ADF7F841A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB58D27-37F2-4A32-B786-3490024290A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB179A8-DFB7-4DCF-8DE3-096F376989F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D01A0EC-3846-4A74-A174-3797078DC699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03E5FCFB-093A-48E9-8A4E-34C993D2764E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1C35DF-D30D-42C8-B56D-C809609AB2A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834B4CE7-042E-489F-AE19-0EEA2C37E7A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82653579-FF7D-4492-9CA2-B3DF6A708831\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_data_extra
ctor_for_merchandising:16.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32D2EB48-F9A2-4D23-81C5-4B30F2D785DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4B95628-F108-424A-8C19-40A5F5B7D37B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:16.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE6D2296-FF70-462A-963D-C93429499E4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7B0B33-2361-4CF5-8075-F609858A582E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88458537-6DE8-4D79-BC71-9D08883AD0C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E310654-0793-41CC-B049-C754AC31D016\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C5B22C6-97AF-4D1B-84C9-987C6F62C401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFD9AAE5-9472-49C6-B054-DB76BEB86D35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A104FDBD-0B28-44EE-91A0-A0C8939865A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E39D5C-5EFA-4FEB-909E-0A92004F2563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06816711-7C49-47B9-A9D7-FB18CC3F42F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:taleo_platfo
rm:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10009CC2-04DD-4CD3-B256-2D5EFD9A1D1D\"}]}]}],\"references\":[{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-34\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211104-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-5009\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-34\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211104-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-5009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Apache Software Foundation, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", McAfee Inc., \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12.2.1.3.0 (Managed File Transfer), 7 (Red Hat JBoss Fuse), 5.0 (Jboss Web Server), 10 (Debian GNU/Linux), 1.0 (OpenShift Application Runtimes), 12.2.1.4.0 (Managed File Transfer), 9.3.6 (Oracle Agile PLM), 9.0 (Oracle SD-WAN Edge), 11 (Debian GNU/Linux), \u043e\u0442 10.1.0-M1 \u0434\u043e 10.1.0-M5 (Tomcat), \u043e\u0442 10.0.0-M1 \u0434\u043e 10.0.11 (Tomcat), \u043e\u0442 9.0.40 \u0434\u043e 9.0.53 (Tomcat), \u043e\u0442 8.5.60 \u0434\u043e 8.5.71 (Tomcat), 7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 9 (Red Hat Enterprise Linux), 10.0.1.5.0 (Communications Instant Messaging Server), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 11.3.2 (Commerce Guided Search), \u0434\u043e 5.10.0 Update 13 (ePolicy Orchestrator), 1.15.0 (Oracle Communications Cloud Native Core Service Communication Proxy (SCP)), \u0434\u043e 9.0 (Oracle Communications Element Manager), \u0434\u043e 9.0 (Oracle Communications Session Report Manager), \u0434\u043e 9.0 (Oracle Communications Session Route Manager), \u0434\u043e 8.0.29 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u043e\u0442 8.0.0.0 \u0434\u043e 8.5.0.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Communications Diameter Signaling Router), 9.1 (Oracle SD-WAN Edge), 20.1.0 (Oracle Hospitality Cruise Shipboard Property Management System), \u0434\u043e 23.1 (Oracle Big Data Spatial and Graph), 6.2.1.0 (Agile Engineering Data Management), 5.6 on RHEL 7 (Jboss Web Server), 5.6 on RHEL 8 (Jboss Web Server), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Apache Tomcat:\n\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2021/dsa-5009\nhttps://security-tracker.debian.org/tracker/CVE-2021-42340\n\n\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\n\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f tomcat9 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 9.0.43+repack-2~deb11u3osnova1\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2021-42340\n\n\u0414\u043b\u044f McAfee:\nhttps://kcm.trellix.com/corporate/index?page=content\u0026id=SB10379\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle 
Corp.:\nhttps://www.oracle.com/security-alerts/cpuapr2022.html\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nhttps://www.oracle.com/security-alerts/cpujul2022.html\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2258\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.10.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.12.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-06115",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-42340",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Managed File Transfer, Red Hat JBoss Fuse, Jboss Web Server, Debian GNU/Linux, OpenShift Application Runtimes, Oracle Agile PLM, Oracle SD-WAN Edge, Tomcat, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat Enterprise Linux, Communications Instant Messaging Server, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Commerce Guided Search, ePolicy Orchestrator, Oracle Communications Cloud Native Core Service Communication Proxy (SCP), Oracle Communications Element Manager, Oracle Communications Session Report Manager, Oracle Communications Session Route Manager, MySQL Enterprise Monitor, Communications Diameter Signaling Router, Oracle Hospitality Cruise Shipboard Property Management System, Oracle Big Data Spatial and Graph, Agile Engineering Data Management, \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat Inc. 
Red Hat Enterprise Linux 9 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.5 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Apache Tomcat, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0443\u0442\u0435\u0447\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u0442\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u0440\u043e\u043a\u0430 \u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f (CWE-772)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Apache Tomcat \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0443\u0442\u0435\u0447\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0448\u0438\u0431\u043a\u0438 63362",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340\nhttps://www.debian.org/security/2021/dsa-5009\nhttps://lists.apache.org/thread/5k2dr6n8sw9g6swk7jyrkvk6wxqf6kx6\nhttps://lists.apache.org/thread/q33k672q3q3zf114fpf7vfoycghtsbxd\nhttps://www.suse.com/security/cve/CVE-2021-42340.html\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://security-tracker.debian.org/tracker/CVE-2021-42340\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://access.redhat.com/security/cve/cve-2021-42340\nhttps://kcm.trellix.com/corporate/index?page=content\u0026id=SB10379\nhttps://www.oracle.com/security-alerts/cpuapr2022.html\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nhttps://www.oracle.com/security-alerts/cpujul2022.html\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2258\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-772",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
bit-tomcat-2021-42340
Vulnerability from bitnami_vulndb
The fix for bug 63362 present in Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak (the milestone suffixes appear to have been dropped here; the CVE record gives the first two ranges as 10.1.0-M1 to 10.1.0-M5 and 10.0.0-M10 to 10.0.11). The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "tomcat",
"purl": "pkg:bitnami/tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.60"
},
{
"fixed": "8.5.72"
},
{
"introduced": "9.0.40"
},
{
"fixed": "9.0.54"
},
{
"introduced": "10.0.1"
},
{
"fixed": "10.0.12"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-42340"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "The fix for bug 63362 present in Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.",
"id": "BIT-tomcat-2021-42340",
"modified": "2026-03-20T09:47:33.381Z",
"published": "2024-03-06T11:09:50.280Z",
"references": [
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-34"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-5009"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340"
}
],
"schema_version": "1.5.0",
"summary": "DoS via memory leak with WebSocket connections"
}
CERTFR-2022-AVI-386
Vulnerability from certfr_avis - Published: 2022-04-26 - Updated: 2022-04-26
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.0 antérieure à 7.5.0 UP1 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.3 antérieures à 7.4.3 FP5 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.3 antérieures à 7.3.3 FP11 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM version 7.5.0 ant\u00e9rieure \u00e0 7.5.0 UP1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.3 ant\u00e9rieures \u00e0 7.4.3 FP5",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3.3 ant\u00e9rieures \u00e0 7.3.3 FP11",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3200"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2021-38919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38919"
},
{
"name": "CVE-2021-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
},
{
"name": "CVE-2021-33929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33929"
},
{
"name": "CVE-2021-20231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20231"
},
{
"name": "CVE-2021-38939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38939"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2021-38874",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38874"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-33928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33928"
},
{
"name": "CVE-2021-36086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36086"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2019-17594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17594"
},
{
"name": "CVE-2021-38869",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38869"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2020-24370",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24370"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3445"
},
{
"name": "CVE-2020-16135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16135"
},
{
"name": "CVE-2021-36085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36085"
},
{
"name": "CVE-2021-29776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29776"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2019-17595",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17595"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2021-33930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33930"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2021-20232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20232"
},
{
"name": "CVE-2021-28153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28153"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
},
{
"name": "CVE-2021-33560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22345"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2021-38878",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38878"
},
{
"name": "CVE-2021-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36087"
},
{
"name": "CVE-2020-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12762"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22096"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2021-36084",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36084"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2021-33938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33938"
}
],
"initial_release_date": "2022-04-26T00:00:00",
"last_revision_date": "2022-04-26T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-386",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574453 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574453"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574787 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574787"
}
]
}
CERTFR-2024-AVI-0240
Vulnerability from certfr_avis - Published: 2024-03-22 - Updated: 2024-03-22
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code arbitraire et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.16.1 | ||
| IBM | QRadar SIEM | QRadar SIEM M7 Appliances versions antérieures à 7.5 sans le microgiciel 4.0.0 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.16.1",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM M7 Appliances versions ant\u00e9rieures \u00e0 7.5 sans le microgiciel 4.0.0",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22950",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22950"
},
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2022-22976",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22976"
},
{
"name": "CVE-2022-22971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22971"
},
{
"name": "CVE-2021-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41079"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-5633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5633"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2021-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
},
{
"name": "CVE-2023-2248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2248"
},
{
"name": "CVE-2022-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22978"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2022-22980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22980"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2023-45862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45862"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2023-6817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2023-29986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29986"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2023-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
},
{
"name": "CVE-2021-3923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3923"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2022-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25762"
},
{
"name": "CVE-2023-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38409"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2024-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0443"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2162"
},
{
"name": "CVE-2022-36402",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36402"
},
{
"name": "CVE-2022-21216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21216"
},
{
"name": "CVE-2023-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
},
{
"name": "CVE-2021-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2023-1075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-52071",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52071"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2023-2269",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2024-27277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27277"
},
{
"name": "CVE-2023-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47715"
},
{
"name": "CVE-2023-51780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
},
{
"name": "CVE-2022-22970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22970"
},
{
"name": "CVE-2023-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
},
{
"name": "CVE-2022-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2022-31690",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31690"
},
{
"name": "CVE-2023-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2024-0853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0853"
},
{
"name": "CVE-2023-51042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51042"
},
{
"name": "CVE-2021-22096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22096"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2022-29885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2022-27772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27772"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-6610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
}
],
"initial_release_date": "2024-03-22T00:00:00",
"last_revision_date": "2024-03-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0240",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une\nex\u00e9cution de code arbitraire et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7144944 du 21 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7144944"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7144861 du 20 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7144861"
}
]
}
CERTFR-2024-AVI-0958
Vulnerability from certfr_avis - Published: 2024-11-08 - Updated: 2024-11-08
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions 2.3.4.x antérieures à 2.3.4.1 | ||
| IBM | VIOS | VIOS version 4.1 avec un fichier tcl.base versions antérieures à 8.6.10.1 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x antérieures à 3.12.13 | ||
| IBM | VIOS | VIOS version 4.1 avec un fichier python3.9.base versions antérieures à 3.9.20.0 | ||
| IBM | AIX | AIX version 7.2 avec un fichier tcl.base versions antérieures à 8.6.10.1 | ||
| IBM | AIX | AIX version 7.3 avec un fichier python3.9.base versions antérieures à 3.9.20.0 | ||
| IBM | AIX | AIX version 7.3 avec un fichier tcl.base versions antérieures à 8.6.10.1 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP10 IF01 | ||
| IBM | Cloud Pak System | Cloud Pak System versions 2.3.4.0 avec Db2 versions antérieures à 11.5.9 Special Build | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix03 | ||
| IBM | VIOS | VIOS version 3.1 avec un fichier tcl.base versions antérieures à 8.6.10.1 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.10.27.0 | ||
| IBM | Cloud Transformation Advisor | Cloud Transformation Advisor versions antérieures à 3.10.2 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.10.27.0 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.2.1.x antérieures à 6.2.1.0 iFix14 | ||
| IBM | QRadar Deployment Intelligence App | QRadar Deployment Intelligence App versions antérieures à 3.0.15 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions 2.3.4.x ant\u00e9rieures \u00e0 2.3.4.1",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.13",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 avec un fichier python3.9.base versions ant\u00e9rieures \u00e0 3.9.20.0",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.2 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 avec un fichier python3.9.base versions ant\u00e9rieures \u00e0 3.9.20.0",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10 IF01",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions 2.3.4.0 avec Db2 versions ant\u00e9rieures \u00e0 11.5.9 Special Build",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix03",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 3.1 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.10.27.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Transformation Advisor versions ant\u00e9rieures \u00e0 3.10.2 ",
"product": {
"name": "Cloud Transformation Advisor",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.10.27.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.0 iFix14",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.15",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2020-25659",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2022-23181",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23181"
},
{
"name": "CVE-2021-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
},
{
"name": "CVE-2022-29885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
},
{
"name": "CVE-2022-34305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34305"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2022-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25762"
},
{
"name": "CVE-2022-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2023-52451",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
},
{
"name": "CVE-2023-52584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52584"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2023-52600",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2023-52599",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52599"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-52530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
},
{
"name": "CVE-2024-26586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2024-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
},
{
"name": "CVE-2023-52609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52609"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2023-52591",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52591"
},
{
"name": "CVE-2024-26667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26667"
},
{
"name": "CVE-2023-52608",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52608"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2024-26614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
},
{
"name": "CVE-2024-25739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25739"
},
{
"name": "CVE-2023-52623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52623"
},
{
"name": "CVE-2023-52619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52619"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-26707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26707"
},
{
"name": "CVE-2024-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26697"
},
{
"name": "CVE-2024-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26704"
},
{
"name": "CVE-2023-52622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52622"
},
{
"name": "CVE-2024-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26727"
},
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2024-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26702"
},
{
"name": "CVE-2024-26710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26710"
},
{
"name": "CVE-2024-26810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
},
{
"name": "CVE-2024-26663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26663"
},
{
"name": "CVE-2024-26773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26773"
},
{
"name": "CVE-2024-26660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26660"
},
{
"name": "CVE-2024-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26726"
},
{
"name": "CVE-2024-26640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
},
{
"name": "CVE-2024-26802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26700"
},
{
"name": "CVE-2024-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26772"
},
{
"name": "CVE-2024-26696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26696"
},
{
"name": "CVE-2024-26698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26698"
},
{
"name": "CVE-2024-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26714"
},
{
"name": "CVE-2024-26686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26686"
},
{
"name": "CVE-2017-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11468"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2023-52590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52590"
},
{
"name": "CVE-2021-46939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
},
{
"name": "CVE-2024-26870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26870"
},
{
"name": "CVE-2024-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27025"
},
{
"name": "CVE-2024-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
},
{
"name": "CVE-2024-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
},
{
"name": "CVE-2024-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26958"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2024-26925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26925"
},
{
"name": "CVE-2024-27388",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27388"
},
{
"name": "CVE-2024-27020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27020"
},
{
"name": "CVE-2024-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
},
{
"name": "CVE-2024-26820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26820"
},
{
"name": "CVE-2024-26878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26878"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2024-27065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
},
{
"name": "CVE-2024-26825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26825"
},
{
"name": "CVE-2024-27019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-26669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26669"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-52653",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52653"
},
{
"name": "CVE-2024-26853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
},
{
"name": "CVE-2022-48632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48632"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2024-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35947"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2024-36889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
},
{
"name": "CVE-2024-36904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
},
{
"name": "CVE-2024-36905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36905"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2024-36940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36940"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-36950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36950"
},
{
"name": "CVE-2024-36954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36954"
},
{
"name": "CVE-2021-47231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47231"
},
{
"name": "CVE-2021-47284",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47284"
},
{
"name": "CVE-2021-47373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47373"
},
{
"name": "CVE-2021-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47408"
},
{
"name": "CVE-2021-47449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47449"
},
{
"name": "CVE-2021-47461",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47461"
},
{
"name": "CVE-2021-47468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47468"
},
{
"name": "CVE-2021-47491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47491"
},
{
"name": "CVE-2021-47548",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47548"
},
{
"name": "CVE-2023-52662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52662"
},
{
"name": "CVE-2023-52679",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52679"
},
{
"name": "CVE-2023-52707",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52707"
},
{
"name": "CVE-2023-52730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
},
{
"name": "CVE-2023-52756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52756"
},
{
"name": "CVE-2023-52764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52764"
},
{
"name": "CVE-2023-52777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52777"
},
{
"name": "CVE-2023-52791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52791"
},
{
"name": "CVE-2023-52796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52796"
},
{
"name": "CVE-2023-52803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52803"
},
{
"name": "CVE-2023-52811",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52811"
},
{
"name": "CVE-2023-52817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52817"
},
{
"name": "CVE-2023-52832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
},
{
"name": "CVE-2023-52834",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52834"
},
{
"name": "CVE-2023-52847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52847"
},
{
"name": "CVE-2023-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
},
{
"name": "CVE-2024-26921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26921"
},
{
"name": "CVE-2024-26940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26940"
},
{
"name": "CVE-2024-27395",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27395"
},
{
"name": "CVE-2024-35801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35801"
},
{
"name": "CVE-2024-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
},
{
"name": "CVE-2024-35847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35847"
},
{
"name": "CVE-2024-35912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35912"
},
{
"name": "CVE-2024-35924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35924"
},
{
"name": "CVE-2024-35930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35930"
},
{
"name": "CVE-2024-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35938"
},
{
"name": "CVE-2024-35940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35940"
},
{
"name": "CVE-2024-35952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35952"
},
{
"name": "CVE-2024-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
},
{
"name": "CVE-2024-36016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36016"
},
{
"name": "CVE-2024-36896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36896"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2023-52658",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52658"
},
{
"name": "CVE-2024-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26740"
},
{
"name": "CVE-2024-26844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26844"
},
{
"name": "CVE-2024-26962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26962"
},
{
"name": "CVE-2024-27434",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2024-35810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35810"
},
{
"name": "CVE-2024-35814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35814"
},
{
"name": "CVE-2024-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35824"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2024-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35946"
},
{
"name": "CVE-2024-36020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
},
{
"name": "CVE-2024-36025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36025"
},
{
"name": "CVE-2024-36921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
},
{
"name": "CVE-2024-35807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35807"
},
{
"name": "CVE-2024-35893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35893"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
},
{
"name": "CVE-2024-35900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35900"
},
{
"name": "CVE-2024-35910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35910"
},
{
"name": "CVE-2024-35925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35925"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-36960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36960"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2024-38596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38596"
},
{
"name": "CVE-2024-38598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38598"
},
{
"name": "CVE-2024-38627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38627"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2023-52648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52648"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2022-48743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48743"
},
{
"name": "CVE-2022-48747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48747"
},
{
"name": "CVE-2023-52762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52762"
},
{
"name": "CVE-2023-52784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52784"
},
{
"name": "CVE-2023-52845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52845"
},
{
"name": "CVE-2024-26842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26842"
},
{
"name": "CVE-2024-36917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36917"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2024-36978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36978"
},
{
"name": "CVE-2024-38555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38555"
},
{
"name": "CVE-2024-38573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38573"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-26662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26662"
},
{
"name": "CVE-2024-26703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26703"
},
{
"name": "CVE-2024-26818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26818"
},
{
"name": "CVE-2024-26824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26824"
},
{
"name": "CVE-2024-26831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26831"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2024-38615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38615"
},
{
"name": "CVE-2024-39276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39276"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-39495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39495"
},
{
"name": "CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
},
{
"name": "CVE-2024-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36010"
},
{
"name": "CVE-2024-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-36000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
},
{
"name": "CVE-2024-36927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36927"
},
{
"name": "CVE-2024-36979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
},
{
"name": "CVE-2024-38538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38538"
},
{
"name": "CVE-2021-47018",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47018"
},
{
"name": "CVE-2021-47257",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47257"
},
{
"name": "CVE-2021-47304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47304"
},
{
"name": "CVE-2021-47579",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47579"
},
{
"name": "CVE-2021-47624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47624"
},
{
"name": "CVE-2022-48757",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48757"
},
{
"name": "CVE-2023-52471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
},
{
"name": "CVE-2023-52775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52775"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2024-39472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2023-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
},
{
"name": "CVE-2023-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
},
{
"name": "CVE-2024-43824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43824"
},
{
"name": "CVE-2024-43833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43833"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2021-42694",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42694"
},
{
"name": "CVE-2023-50314",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2024-43832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43832"
},
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-42251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42251"
},
{
"name": "CVE-2021-43980",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43980"
},
{
"name": "CVE-2023-20584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20584"
},
{
"name": "CVE-2023-31356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31356"
},
{
"name": "CVE-2023-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36328"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2023-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5115"
},
{
"name": "CVE-2023-52596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52596"
},
{
"name": "CVE-2023-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5764"
},
{
"name": "CVE-2024-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21529"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2024-25620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25620"
},
{
"name": "CVE-2024-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26147"
},
{
"name": "CVE-2024-26713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26713"
},
{
"name": "CVE-2024-26721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26721"
},
{
"name": "CVE-2024-26823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26823"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2024-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-35136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
},
{
"name": "CVE-2024-35152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
},
{
"name": "CVE-2024-37529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2024-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39331"
},
{
"name": "CVE-2024-42254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42254"
},
{
"name": "CVE-2024-42255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42255"
},
{
"name": "CVE-2024-42256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42256"
},
{
"name": "CVE-2024-42258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42258"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43857"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2024-46982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46982"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2024-11-08T00:00:00",
"last_revision_date": "2024-11-08T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0958",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174802",
"url": "https://www.ibm.com/support/pages/node/7174802"
},
{
"published_at": "2024-11-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174634",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"published_at": "2024-11-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174639",
"url": "https://www.ibm.com/support/pages/node/7174639"
},
{
"published_at": "2024-11-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7175196",
"url": "https://www.ibm.com/support/pages/node/7175196"
},
{
"published_at": "2024-11-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7175086",
"url": "https://www.ibm.com/support/pages/node/7175086"
},
{
"published_at": "2024-11-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7175192",
"url": "https://www.ibm.com/support/pages/node/7175192"
},
{
"published_at": "2024-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174799",
"url": "https://www.ibm.com/support/pages/node/7174799"
},
{
"published_at": "2024-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174797",
"url": "https://www.ibm.com/support/pages/node/7174797"
},
{
"published_at": "2024-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174945",
"url": "https://www.ibm.com/support/pages/node/7174945"
},
{
"published_at": "2024-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174912",
"url": "https://www.ibm.com/support/pages/node/7174912"
},
{
"published_at": "2024-11-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7175166",
"url": "https://www.ibm.com/support/pages/node/7175166"
}
]
}
FKIE_CVE-2021-42340
Vulnerability from fkie_nvd - Published: 2021-10-14 20:15 - Updated: 2024-11-21 06:27
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "890E6FBC-FCC5-44B0-8CE8-AD7E8F0A1BFA",
"versionEndExcluding": "8.5.72",
"versionStartIncluding": "8.5.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "654BD045-868C-4DC0-B36C-824C0F4C41CD",
"versionEndExcluding": "9.0.54",
"versionStartIncluding": "9.0.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C639222-18E7-4BDC-A53A-684F63C42991",
"versionEndExcluding": "10.0.12",
"versionStartIncluding": "10.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "83B9FF07-1B93-4F8C-AC56-7CA74E61B724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"matchCriteriaId": "384DEDD9-CB26-4306-99D8-83068A9B23ED",
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
"versionEndIncluding": "8.5.0.2",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05F5B430-8BA1-4865-93B5-0DE89F424B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D01A0EC-3846-4A74-A174-3797078DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03E5FCFB-093A-48E9-8A4E-34C993D2764E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1C35DF-D30D-42C8-B56D-C809609AB2A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "834B4CE7-042E-489F-AE19-0EEA2C37E7A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82653579-FF7D-4492-9CA2-B3DF6A708831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B95628-F108-424A-8C19-40A5F5B7D37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6D2296-FF70-462A-963D-C93429499E4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7B0B33-2361-4CF5-8075-F609858A582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "88458537-6DE8-4D79-BC71-9D08883AD0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2E310654-0793-41CC-B049-C754AC31D016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5B22C6-97AF-4D1B-84C9-987C6F62C401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD9AAE5-9472-49C6-B054-DB76BEB86D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A104FDBD-0B28-44EE-91A0-A0C8939865A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10009CC2-04DD-4CD3-B256-2D5EFD9A1D1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError."
},
{
"lang": "es",
"value": "La correcci\u00f3n del bug 63362 presente en Apache Tomcat versiones 10.1.0-M1 hasta 10.1.0-M5, versiones 10.0.0-M1 hasta 10.0.11, versiones 9.0.40 hasta 9.0.53 y versiones 8.5.60 hasta 8.5.71, introduc\u00eda una p\u00e9rdida de memoria. El objeto introducido para recopilar m\u00e9tricas para las conexiones de actualizaci\u00f3n HTTP no se liberaba para las conexiones WebSocket una vez que se cerraba la conexi\u00f3n. Esto creaba una p\u00e9rdida de memoria que, con el tiempo, pod\u00eda conllevar a una denegaci\u00f3n de servicio por medio de un OutOfMemoryError"
}
],
"id": "CVE-2021-42340",
"lastModified": "2024-11-21T06:27:38.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-14T20:15:09.060",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-34"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5009"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WPH7-X527-W3H5
Vulnerability from github – Published: 2021-10-15 18:51 – Updated: 2024-03-11 16:36
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.1.0-M5"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.0-M6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0-M1"
},
{
"fixed": "10.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.40"
},
{
"fixed": "9.0.54"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.60"
},
{
"fixed": "8.5.72"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-42340"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-15T13:59:01Z",
"nvd_published_at": "2021-10-14T20:15:00Z",
"severity": "HIGH"
},
"details": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.",
"id": "GHSA-wph7-x527-w3h5",
"modified": "2024-03-11T16:36:26Z",
"published": "2021-10-15T18:51:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/31d62426645824bdfe076a0c0eafa904d90b4fb9"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/d5a6660cba7f51589468937bf3bbad4db7810371"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-5009"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211104-0001"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-34"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Missing Release of Resource after Effective Lifetime in Apache Tomcat"
}
GSD-2021-42340
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-42340",
"description": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.",
"id": "GSD-2021-42340",
"references": [
"https://www.suse.com/security/cve/CVE-2021-42340.html",
"https://www.debian.org/security/2021/dsa-5009",
"https://access.redhat.com/errata/RHSA-2021:4863",
"https://access.redhat.com/errata/RHSA-2021:4861",
"https://advisories.mageia.org/CVE-2021-42340.html",
"https://security.archlinux.org/CVE-2021-42340",
"https://access.redhat.com/errata/RHSA-2022:1179",
"https://alas.aws.amazon.com/cve/html/CVE-2021-42340.html",
"https://access.redhat.com/errata/RHSA-2022:5532"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-42340"
],
"details": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.",
"id": "GSD-2021-42340",
"modified": "2023-12-13T01:23:06.529864Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-42340",
"STATE": "PUBLIC",
"TITLE": "DoS via memory leak with WebSocket connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Apache Tomcat 10",
"version_value": "10.0.0-M10 to 10.0.11"
},
{
"version_affected": "=",
"version_name": "Apache Tomcat 10",
"version_value": "10.1.0-M1 to 10.1.0-M5"
},
{
"version_affected": "=",
"version_name": "Apache Tomcat 9",
"version_value": "9.0.40 to 9.0.53"
},
{
"version_affected": "=",
"version_name": "Apache Tomcat 8",
"version_value": "8.5.60 to 8.5.71"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "DSA-5009",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5009"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202208-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-34"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[8.5.60,8.5.72),[9.0.40,9.0.54),[10.0.0,10.1.0]",
"affected_versions": "All versions starting from 8.5.60 before 8.5.72, all versions starting from 9.0.40 before 9.0.54, all versions starting from 10.0.0 up to 10.1.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-772",
"CWE-937"
],
"date": "2022-10-27",
"description": "tomcat is vulnerable to a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.",
"fixed_versions": [
"8.5.72",
"9.0.54"
],
"identifier": "CVE-2021-42340",
"identifiers": [
"CVE-2021-42340"
],
"not_impacted": "",
"package_slug": "maven/org.apache.tomcat.embed/tomcat-embed-core",
"pubdate": "2021-10-14",
"solution": "Upgrade to versions 8.5.72, 9.0.54 or above.",
"title": "Missing Release of Resource after Effective Lifetime",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-42340"
],
"uuid": "3fd44303-c281-4c0f-bc2e-6030c8e608f7"
},
{
"affected_range": "[8.5.60,8.5.72),[9.0.40,9.0.54),[10.0.0,10.1.0]",
"affected_versions": "All versions starting from 8.5.60 before 8.5.72, all versions starting from 9.0.40 before 9.0.54, all versions starting from 10.0.0 up to 10.1.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-772",
"CWE-937"
],
"date": "2022-10-27",
"description": "tomcat is vulnerable to a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.",
"fixed_versions": [
"8.5.72",
"9.0.54"
],
"identifier": "CVE-2021-42340",
"identifiers": [
"CVE-2021-42340"
],
"not_impacted": "",
"package_slug": "maven/org.apache.tomcat/tomcat",
"pubdate": "2021-10-14",
"solution": "Upgrade to versions 8.5.72, 9.0.54 or above.",
"title": "Missing Release of Resource after Effective Lifetime",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-42340"
],
"uuid": "5c04172c-3534-4211-ad4f-5aa5b6a8ed38"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.12",
"versionStartIncluding": "10.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.72",
"versionStartIncluding": "8.5.60",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.54",
"versionStartIncluding": "9.0.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.2",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-42340"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "DSA-5009",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5009"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202208-34",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-34"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-27T01:09Z",
"publishedDate": "2021-10-14T20:15Z"
}
}
}
RHBA-2022:8077
Vulnerability from csaf_redhat - Published: 2022-11-15 10:41 - Updated: 2026-05-14 18:56
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:pki-servlet-4.0-api-1:9.0.50-1.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.src | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2022:8077",
"url": "https://access.redhat.com/errata/RHBA-2022:8077"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"category": "external",
"summary": "2060910",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060910"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_8077.json"
}
],
"title": "Red Hat Bug Fix Advisory: pki-servlet-engine bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-14T18:56:37+00:00",
"generator": {
"date": "2026-05-14T18:56:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHBA-2022:8077",
"initial_release_date": "2022-11-15T10:41:33+00:00",
"revision_history": [
{
"date": "2022-11-15T10:41:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-15T10:41:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T18:56:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.50-1.el9.noarch",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.50-1.el9.noarch",
"product_id": "pki-servlet-4.0-api-1:9.0.50-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.50-1.el9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.50-1.el9.noarch",
"product": {
"name": "pki-servlet-engine-1:9.0.50-1.el9.noarch",
"product_id": "pki-servlet-engine-1:9.0.50-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.50-1.el9?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.50-1.el9.src",
"product": {
"name": "pki-servlet-engine-1:9.0.50-1.el9.src",
"product_id": "pki-servlet-engine-1:9.0.50-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.50-1.el9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.50-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:pki-servlet-4.0-api-1:9.0.50-1.el9.noarch"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.50-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.50-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.noarch"
},
"product_reference": "pki-servlet-engine-1:9.0.50-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.50-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.src"
},
"product_reference": "pki-servlet-engine-1:9.0.50-1.el9.src",
"relates_to_product_reference": "AppStream-9.1.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42340",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2021-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2014356"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenStack Platform, Tomcat is provided as a component of OpenDaylight. This flaw will not receive a fix as OpenDaylight was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:pki-servlet-4.0-api-1:9.0.50-1.el9.noarch",
"AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.noarch",
"AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42340"
},
{
"category": "external",
"summary": "RHBZ#2014356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.12",
"url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.12"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.0-M6",
"url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.0-M6"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.72",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.72"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
}
],
"release_date": "2021-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:41:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:pki-servlet-4.0-api-1:9.0.50-1.el9.noarch",
"AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.noarch",
"AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:8077"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:pki-servlet-4.0-api-1:9.0.50-1.el9.noarch",
"AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.noarch",
"AppStream-9.1.0.GA:pki-servlet-engine-1:9.0.50-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS"
}
]
}
RHSA-2021:4861
Vulnerability from csaf_redhat - Published: 2021-11-30 14:28 - Updated: 2026-05-14 22:31
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial of Service attack, or possibly, memory disclosure. The highest threat from this vulnerability is to data confidentiality and system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer-encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identity encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
A memory leak flaw was found in Apache Tomcat, where the HTTP upgrade connection used for a WebSocket connection is not released once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat JBoss Web Server 5.6.0 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS (CVE-2021-42340)\n* tomcat: HTTP request smuggling when used with a reverse proxy (CVE-2021-33037)\n* tomcat: JNDI realm authentication weakness (CVE-2021-30640)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4861",
"url": "https://access.redhat.com/errata/RHSA-2021:4861"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1981533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981533"
},
{
"category": "external",
"summary": "1981544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981544"
},
{
"category": "external",
"summary": "2014356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4861.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.0 Security release",
"tracking": {
"current_release_date": "2026-05-14T22:31:25+00:00",
"generator": {
"date": "2026-05-14T22:31:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:4861",
"initial_release_date": "2021-11-30T14:28:36+00:00",
"revision_history": [
{
"date": "2021-11-30T14:28:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-30T14:28:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:31:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.6::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.6 for RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"product_id": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.50-3.redhat_00004.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"product_id": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.30-3.redhat_3.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-4.Final_redhat_00004.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"product_id": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.50-3.redhat_00004.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"product_id": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.30-3.redhat_3.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-4.Final_redhat_00004.1.el8jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-java-jdk11@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-java-jdk8@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.50-3.redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-4.Final_redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-4.Final_redhat_00004.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.50-3.redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-4.Final_redhat_00004.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-4.Final_redhat_00004.1.el8jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.30-3.redhat_3.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.30-3.redhat_3.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.30-3.redhat_3.el8jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.30-3.redhat_3.el8jws?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 7 Server",
"product_id": "7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.6 for RHEL 8",
"product_id": "8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the OpenSSL project"
],
"organization": "Ingo Schwarze",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-3712",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-08-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995634"
}
],
"notes": [
{
"category": "description",
"text": "It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling an openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial of Service attack, or possibly, memory disclosure. The highest threat from this vulnerability is to data confidentiality and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Read buffer overruns processing ASN.1 strings",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The following Red Hat products do not ship the affected OpenSSL component but rely on the Red Hat Enterprise Linux to consume them:\n * Red Hat Satellite\n * Red Hat Update Infrastructure\n * Red Hat CloudForms\n\nThe Red Hat Advanced Cluster Management for Kubernetes is using the vulnerable version of the library, however the vulnerable code path is not reachable.\n\ncompat-openssl10 is deprecated and has been removed from RHEL 9 and later. No further patches would be available for this component except on a case by case basis.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3712"
},
{
"category": "external",
"summary": "RHBZ#1995634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20210824.txt",
"url": "https://www.openssl.org/news/secadv/20210824.txt"
}
],
"release_date": "2021-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-30T14:28:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4861"
},
{
"category": "workaround",
"details": "Customers should make an attempt to run current binaries/architectures and not rely on compatibility layers to run older binaries/architectures. In case older binaries/architectures are needed, sandboxing should be used to address such problems and guard against the bug.",
"product_ids": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Read buffer overruns processing ASN.1 strings"
},
{
"cve": "CVE-2021-23840",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2021-02-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1930324"
}
],
"notes": [
{
"category": "description",
"text": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: integer overflow in CipherUpdate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects applications which are compiled with OpenSSL and using EVP_CipherUpdate, EVP_EncryptUpdate or EVP_DecryptUpdate functions. When specially-crafted values are passed to these functions, it can cause the application to crash or behave incorrectly.\n\nOpenSSL in Red Hat Enterprise Linux 9 was marked as not affected as it is already fixed in the RHEL9 Alpha release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23840"
},
{
"category": "external",
"summary": "RHBZ#1930324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20210216.txt",
"url": "https://www.openssl.org/news/secadv/20210216.txt"
}
],
"release_date": "2021-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-30T14:28:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4861"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: integer overflow in CipherUpdate"
},
{
"cve": "CVE-2021-23841",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2021-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1930310"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a a null pointer dereference in the X509_issuer_and_serial_hash() function, which can result in crash if called by an application compiled with OpenSSL, by passing a specially-crafted certificate. OpenSSL internally does not use this function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23841"
},
{
"category": "external",
"summary": "RHBZ#1930310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20210216.txt",
"url": "https://www.openssl.org/news/secadv/20210216.txt"
}
],
"release_date": "2021-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-30T14:28:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4861"
},
{
"category": "workaround",
"details": "As per upstream \"The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.\"",
"product_ids": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()"
},
{
"cve": "CVE-2021-30640",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2021-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981544"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: JNDI realm authentication weakness",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-30640"
},
{
"category": "external",
"summary": "RHBZ#1981544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981544"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-30640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30640"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640"
}
],
"release_date": "2021-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-30T14:28:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4861"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: JNDI realm authentication weakness"
},
{
"cve": "CVE-2021-33037",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981533"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identity encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP request smuggling when used with a reverse proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33037"
},
{
"category": "external",
"summary": "RHBZ#1981533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33037",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33037"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33037",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33037"
}
],
"release_date": "2021-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-30T14:28:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4861"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP request smuggling when used with a reverse proxy"
},
{
"cve": "CVE-2021-42340",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2021-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2014356"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection is not released for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenStack Platform, Tomcat is provided as a component of OpenDaylight. This flaw will not receive a fix as OpenDaylight was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42340"
},
{
"category": "external",
"summary": "RHBZ#2014356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.12",
"url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.12"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.0-M6",
"url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.0-M6"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.72",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.72"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
}
],
"release_date": "2021-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-30T14:28:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4861"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk11-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-java-jdk8-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el7jws.x86_64",
"7Server-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el7jws.src",
"7Server-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el7jws.noarch",
"7Server-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el7jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-0:9.0.50-3.redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-admin-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-docs-webapp-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-el-3.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-javadoc-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-jsp-2.3-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-lib-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-native-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-native-debuginfo-0:1.2.30-3.redhat_3.el8jws.x86_64",
"8Base-JWS-5.6:jws5-tomcat-selinux-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-servlet-4.0-api-0:9.0.50-3.redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-vault-0:1.1.8-4.Final_redhat_00004.1.el8jws.src",
"8Base-JWS-5.6:jws5-tomcat-vault-javadoc-0:1.1.8-4.Final_redhat_00004.1.el8jws.noarch",
"8Base-JWS-5.6:jws5-tomcat-webapps-0:9.0.50-3.redhat_00004.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.