QID 980413

QID 980413: Java (maven) Security Update for org.apache.tomcat:tomcat (GHSA-59g9-7gfx-c72p)

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.

  • CVSS V3 rated as High - 7.5 severity.
  • CVSS V2 rated as Medium - 4.3 severity.
  • Solution
    Customers are advised to refer to GHSA-59g9-7gfx-c72p for updates pertaining to this vulnerability.
    Vendor References

    CVEs related to QID 980413

    Software Advisories
    Advisory ID Software Component Link
    GHSA-59g9-7gfx-c72p org.apache.tomcat:tomcat URL Logo github.com/advisories/GHSA-59g9-7gfx-c72p