Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2021-42340

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
apache / tomcat 10.0.0-milestone10 10.0.0-milestone10.x
apache / tomcat 10.1.0-milestone3 10.1.0-milestone3.x
apache / tomcat 10.1.0-milestone4 10.1.0-milestone4.x
apache / tomcat 10.1.0-milestone5 10.1.0-milestone5.x
apache / tomcat 10.1.0-milestone1 10.1.0-milestone1.x
apache / tomcat 10.1.0-milestone2 10.1.0-milestone2.x
apache / tomcat 10.0.1 10.0.12
apache / tomcat 8.5.60 8.5.72
apache / tomcat 9.0.40 9.0.54
debian / debian_linux 11.0 11.0.x
oracle / managed_file_transfer 12.2.1.3.0 12.2.1.3.0.x
oracle / sd-wan_edge 9.0 9.0.x
oracle / agile_engineering_data_management 6.2.1.0 6.2.1.0.x
oracle / managed_file_transfer 12.2.1.4.0 12.2.1.4.0.x
oracle / hospitality_cruise_shipboard_property_management_system 20.1.0 20.1.0.x
oracle / sd-wan_edge 9.1 9.1.x
oracle / communications_diameter_signaling_router 8.0.0.0 8.5.0.2.x
oracle / big_data_spatial_and_graph - 23.1
oracle / middleware_common_libraries_and_tools 12.2.1.4.0 12.2.1.4.0.x
oracle / retail_customer_insights 15.0.2 15.0.2.x
oracle / retail_customer_insights 16.0.2 16.0.2.x
oracle / taleo_platform - -
oracle / payment_interface 20.3 20.3.x
oracle / payment_interface 19.1 19.1.x
oracle / retail_eftlink 21.0.0 21.0.0.x
oracle / retail_data_extractor_for_merchandising 16.0.2 16.0.2.x
oracle / retail_data_extractor_for_merchandising 15.0.2 15.0.2.x
oracle / retail_financial_integration 19.0.0 19.0.0.x
oracle / retail_financial_integration 16.0.1 16.0.1.x
oracle / retail_store_inventory_management 14.1.3.5 14.1.3.5.x
oracle / retail_store_inventory_management 14.1.3.14 14.1.3.14.x
oracle / retail_store_inventory_management 15.0.3.3 15.0.3.3.x
oracle / retail_store_inventory_management 15.0.3.8 15.0.3.8.x
oracle / retail_store_inventory_management 16.0.3.7 16.0.3.7.x
oracle / retail_store_inventory_management 14.0.4.13 14.0.4.13.x
org.apache.tomcat / tomcat 10.1.0-M1 10.1.0-M6
org.apache.tomcat / tomcat 10.0.0-M1 10.0.12
org.apache.tomcat / tomcat 9.0.40 9.0.54
org.apache.tomcat / tomcat 8.5.60 8.5.72