You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 7.0.X, 8.0.X, 8.5.X before 8.5.65, 9.0.X before 9.0.45 and 10.0.X before 10.0.5.
Additional Info Attack vector: NETWORK Attack complexity: LOW Confidentiality impact: NONE Availability impact: HIGH Remediation Upgrade Recommendation: 9.0.68
The text was updated successfully, but these errors were encountered:
Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2021-30639
Checkmarx Project: AaronZhouYu/TotallySecureApp
Repository URL: https://github.com/AaronZhouYu/TotallySecureApp
Branch: main
Scan ID: d9fa6dd5-d23b-4436-b75a-41a016305f39
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 7.0.X, 8.0.X, 8.5.X before 8.5.65, 9.0.X before 9.0.45 and 10.0.X before 10.0.5.
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 9.0.68
The text was updated successfully, but these errors were encountered: