OESA-2021-1413
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1413
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1413.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2021-1413
- Upstream
- Published
- 2021-11-04T11:03:19Z
- Modified
- 2025-08-12T05:10:21.174272Z
- Summary
- tomcat security update
- Details
-
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project
Security Fix(es):
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.(CVE-2021-42340)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / tomcat
Package
- Name
- tomcat
- Purl
- pkg:rpm/openEuler/tomcat&distro=openEuler-20.03-LTS-SP1