QID 980413
QID 980413: Java (maven) Security Update for org.apache.tomcat:tomcat (GHSA-59g9-7gfx-c72p)
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-59g9-7gfx-c72p for updates pertaining to this vulnerability.
Vendor References
- GHSA-59g9-7gfx-c72p -
github.com/advisories/GHSA-59g9-7gfx-c72p
CVEs related to QID 980413
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-59g9-7gfx-c72p | org.apache.tomcat:tomcat |
|