October 15, 2021
Severity
High
Analysis Summary
CVE-2021-42340
Apache Tomcat is vulnerable to a denial of service caused by a memory leak flaw in WebSocket connections. By sending a specially crafted request, a remote attacker could exploit this vulnerability to trigger an OutOfMemoryError and cause a denial of service condition.
Impact
- Denial of Service
Affected Vendors
Apache Tomcat
Affected Products
- Apache Tomcat 8.5.60
- Apache Tomcat 8.5.71
- Apache Tomcat 9.0.40
- Apache Tomcat 9.0.53
- Apache Tomcat 10.0.0-M10
- Apache Tomcat 10.0.11
- Apache Tomcat 10.1.0-M1
- Apache Tomcat 10.1.0-M5
Remediation
Upgrade to the latest version of Apache Tomcat, available from the Apache Web site.