ID

VAR-202110-1693


CVE

CVE-2021-42340


TITLE

Apache Tomcat Resource Management Error Vulnerability (CNVD-2021-83785)

Trust: 0.6

sources: CNVD: CNVD-2021-83785

DESCRIPTION

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Apache Tomcat is a lightweight web application server of the Apache Foundation. The program implements support for Servlet and JavaServer Page (JSP). Apache Tomcat has a security vulnerability. The vulnerability is caused by incorrectly verifying the data boundary when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc.

Description: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Web Server 5.6.0 Security release
Advisory ID:       RHSA-2021:4861-01
Product:           Red Hat JBoss Web Server
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4861
Issue date:        2021-11-30
CVE Names:         CVE-2021-30640 CVE-2021-33037 CVE-2021-42340
====================================================================

1. Summary:

Updated Red Hat JBoss Web Server 5.6.0 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 5.6 for RHEL 7 Server - noarch, x86_64
Red Hat JBoss Web Server 5.6 for RHEL 8 - noarch, x86_64

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Security Fix(es):

* tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS (CVE-2021-42340)
* tomcat: HTTP request smuggling when used with a reverse proxy (CVE-2021-33037)
* tomcat: JNDI realm authentication weakness (CVE-2021-30640)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy
1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness
2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS

6. Package List:

Red Hat JBoss Web Server 5.6 for RHEL 7 Server:

Source:
jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.src.rpm
jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.src.rpm
jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.src.rpm

noarch:
jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-java-jdk11-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-java-jdk8-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm
jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm

x86_64:
jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.x86_64.rpm
jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el7jws.x86_64.rpm

Red Hat JBoss Web Server 5.6 for RHEL 8:

Source:
jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.src.rpm
jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.src.rpm
jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.src.rpm

noarch:
jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm
jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm

x86_64:
jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.x86_64.rpm
jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el8jws.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-30640
https://access.redhat.com/security/cve/CVE-2021-33037
https://access.redhat.com/security/cve/CVE-2021-42340
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYaaMntzjgjWX9erEAQibyg/9E3I1wMpKriqTZKlf1tGcPt4wShPVNKMh
B4PC8t1vBZJZ2VBMrQJdmYBUKRn3mccCqUxd0ey/UfsacIoKvAACr18iXCxYc4cO
MeNqy7SWRO+Kwze2fYpBu7w5dR34yhUQAN8DAOui7DduZsS209X7WhShrLSjzF5j
g+nhRCi4l5QRwcy7NF4TAhmAN7f819BwDHQJI/ttaOHqEwsDnOlPNKbV0X4Hlkf5
5VRD/8ArImD7tqpSs/9YVh34MJLCVmVkWgHBDY0I06LcRSQJoRBZDEkoPRHQxU26
hKH5oDaVezm92RFFqfwo2HHY6eGJc/qTTcd/WeW4RDfx49+ARsOt2kvO2XcEo45A
iUue2MayqnfdQHRI7MMNaaWoNudI2MVBcbQYhkTZcgApZEmtCe4taeo0YUvFqUeJ
N1Awh8QIN5vqA7wKdtrHiQCMx/6/fqi3VtKN3LZEuUiRMM/sueqc1yob6piuU4Vk
nyHP0ULSyMYnrzoqKN1BwbobRYyXKbVR376qMtxhLMe71PXg26TgDC9seUnooNum
XgcRIdc7Q2WyGaFLxGE5fS0/7FagX/etRlg9DIHi27NVl0WXgmFVLC2ZumjfSoms
FgQUTPwa2Bt90Oat2u7vnB5MBvCR0+OAAsM8TK/cn/31F697MMTI6Qloiq2DDOt4
2c2PkIZ6XrY=
=6RkQ
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

For the stable distribution (bullseye), this problem has been fixed in version 9.0.43-2~deb11u3.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmGOe15fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRMcA/7BuGjRiyZnyDtGXxmq2Uew/62TR+u8WaZx6WC6mBNJgYvB1CHEap6+2EY
YlFDiddqSC14tPAf+8gOWLVI1CzaWYtGYe8NjRpr6MjnUMfWonHnQn1SqDL8pORb
yXLReYESx/YlvUs8+ZRsSoD5H0kFFA+6wYbeZ8gUcuyaV9hzRYDp3ATMAQCLL3RT
obSBRpDv+0izjrCZqrcaLX0nBLK7YX/cEpGpT0xCqL6qkuDOVvLxtoc2HBCvYXsd
i+9CL6sHzegCqzSypO+GTyOl815IF7BpqOTWm6JmqKDigQu6s432oT2o3Myex5+w
CILS2jQaOLlf3nf9tGhbVDv6UougC27fXlkhopmBpINyKelX08Zazltsu86Wy2Zi
O7eDLVQxeeSU7cgFBUoVwXouAG8vgfVw1cczYFE3O7Lj183pC3XS/HI+u3vGtooj
LStn5jKDPI/vjAzaYk7sLH/OjDzmYXWX9/xQ0UpINK7I93CazE4toOjP0MlRMbZY
MNm+KgKLD7ge1fzuZEyxmDempH5nsOcCz1I/xJ9O/gdpJOGAHg6Nu5FT+ceU6OeH
lmY2BdUf46KYQO12wjs1VuapDwubiURGndA2F95aohxVV6QjsawKwJ9FLUKA+z6P
TaTWS8DO8z9DAzA7IIAxuS9P0v4Hnr0L9ikldO1WMYQgOu5bLCI=
=wISU
-----END PGP SIGNATURE-----

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory                GLSA 202208-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Apache Tomcat: Multiple Vulnerabilities
      Date: August 21, 2022
      Bugs: #773571, #801916, #818160, #855971
        ID: 202208-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-servers/tomcat        < 8.5.82:8.5             >= 8.5.82:8.5
                               < 9.0.65:9               >= 9.0.65:9
                               < 10.0.23:10             >= 10.0.23:10

Description
===========

Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache Tomcat 10.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10"

All Apache Tomcat 9.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9"

All Apache Tomcat 8.5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5"

References
==========

[ 1 ] CVE-2021-25122
      https://nvd.nist.gov/vuln/detail/CVE-2021-25122
[ 2 ] CVE-2021-25329
      https://nvd.nist.gov/vuln/detail/CVE-2021-25329
[ 3 ] CVE-2021-30639
      https://nvd.nist.gov/vuln/detail/CVE-2021-30639
[ 4 ] CVE-2021-30640
      https://nvd.nist.gov/vuln/detail/CVE-2021-30640
[ 5 ] CVE-2021-33037
      https://nvd.nist.gov/vuln/detail/CVE-2021-33037
[ 6 ] CVE-2021-42340
      https://nvd.nist.gov/vuln/detail/CVE-2021-42340
[ 7 ] CVE-2022-34305
      https://nvd.nist.gov/vuln/detail/CVE-2022-34305

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-34

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

4

Trust: 2.16

sources: NVD: CVE-2021-42340 // CNVD: CNVD-2021-83785 // VULHUB: VHN-397706 // VULMON: CVE-2021-42340 // PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 169152 // PACKETSTORM: 168127 // PACKETSTORM: 167841

IOT TAXONOMY

category: Network device
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-83785

AFFECTED PRODUCTS

vendor   model                                                     scope  version      Trust
oracle   retail financial integration                              eq     19.0.0       1.0
oracle   retail store inventory management                         eq     14.1.3.14    1.0
oracle   retail store inventory management                         eq     15.0.3.3     1.0
oracle   retail customer insights                                  eq     15.0.2       1.0
netapp   management services for element software                  eq     -            1.0
oracle   retail customer insights                                  eq     16.0.2       1.0
oracle   retail data extractor for merchandising                   eq     15.0.2       1.0
apache   tomcat                                                    gte    9.0.40       1.0
oracle   managed file transfer                                     eq     12.2.1.3.0   1.0
oracle   middleware common libraries and tools                     eq     12.2.1.4.0   1.0
debian   linux                                                     eq     11.0         1.0
oracle   retail data extractor for merchandising                   eq     16.0.2       1.0
apache   tomcat                                                    eq     10.1.0       1.0
oracle   retail store inventory management                         eq     14.0.4.13    1.0
oracle   retail store inventory management                         eq     14.1.3.5     1.0
oracle   taleo platform                                            eq     *            1.0
oracle   retail eftlink                                            eq     21.0.0       1.0
apache   tomcat                                                    lt     8.5.72       1.0
oracle   communications diameter signaling router                  gte    8.0.0.0      1.0
oracle   sd-wan edge                                               eq     9.1          1.0
netapp   hci                                                       eq     -            1.0
oracle   payment interface                                         eq     19.1         1.0
oracle   payment interface                                         eq     20.3         1.0
oracle   retail financial integration                              eq     16.0.1       1.0
oracle   retail store inventory management                         eq     15.0.3.8     1.0
oracle   retail store inventory management                         eq     16.0.3.7     1.0
oracle   agile engineering data management                         eq     6.2.1.0      1.0
oracle   hospitality cruise shipboard property management system   eq     20.1.0       1.0
oracle   communications diameter signaling router                  lte    8.5.0.2      1.0
apache   tomcat                                                    eq     10.0.0       1.0
apache   tomcat                                                    gte    8.5.60       1.0
apache   tomcat                                                    lt     10.0.12      1.0
apache   tomcat                                                    lt     9.0.54       1.0
oracle   sd-wan edge                                               eq     9.0          1.0
apache   tomcat                                                    gte    10.0.1       1.0
oracle   managed file transfer                                     eq     12.2.1.4.0   1.0
oracle   big data spatial and graph                                lt     23.1         1.0
apache   tomcat                                                    -      -            0.6

sources: CNVD: CNVD-2021-83785 // NVD: CVE-2021-42340

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42340
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-83785
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202110-1057
value: HIGH

Trust: 0.6

VULHUB: VHN-397706
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-42340
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-42340
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-83785
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-397706
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-42340
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-83785 // VULHUB: VHN-397706 // VULMON: CVE-2021-42340 // CNNVD: CNNVD-202110-1057 // NVD: CVE-2021-42340

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

sources: VULHUB: VHN-397706 // NVD: CVE-2021-42340

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1057

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1057

PATCH

title: Patch for Apache Tomcat Resource Management Error Vulnerability (CNVD-2021-83785)
url: https://www.cnvd.org.cn/patchInfo/show/296691

Trust: 0.6

title: Apache Tomcat Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166768

Trust: 0.6

title: Debian Security Advisories: DSA-5009-1 tomcat9 -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=00ce291d41f0bec40669f5cb28c4ff5a

Trust: 0.1

title: Amazon Linux AMI: ALAS-2021-1546
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1546

Trust: 0.1

title: Red Hat: Important: Red Hat support for Spring Boot 2.5.10 update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221179 - Security Advisory

Trust: 0.1

title: Red Hat: CVE-2021-42340
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-42340

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-42340 log

Trust: 0.1

title: Red Hat: Important: Red Hat Fuse 7.11.0 release and security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225532 - Security Advisory

Trust: 0.1

title: -
url: https://github.com/Live-Hack-CVE/CVE-2021-42340

Trust: 0.1

title: awesome-websocket-security
url: https://github.com/PalindromeLabs/awesome-websocket-security

Trust: 0.1

sources: CNVD: CNVD-2021-83785 // VULMON: CVE-2021-42340 // CNNVD: CNNVD-202110-1057

EXTERNAL IDS

db           id                   Trust
NVD          CVE-2021-42340       3.0
MCAFEE       SB10379              1.8
PACKETSTORM  165112               0.8
PACKETSTORM  168127               0.8
CNNVD        CNNVD-202110-1057    0.7
PACKETSTORM  166707               0.7
CNVD         CNVD-2021-83785      0.6
CS-HELP      SB2022042265         0.6
CS-HELP      SB2021113014         0.6
CS-HELP      SB2022072010         0.6
CS-HELP      SB2021111711         0.6
CS-HELP      SB2022041951         0.6
CS-HELP      SB2022070601         0.6
CS-HELP      SB2021110507         0.6
CS-HELP      SB2021101507         0.6
CS-HELP      SB2022072030         0.6
CS-HELP      SB2022012770         0.6
AUSCERT      ESB-2021.4028        0.6
AUSCERT      ESB-2021.3418        0.6
AUSCERT      ESB-2021.3880        0.6
AUSCERT      ESB-2022.1837        0.6
PACKETSTORM  165117               0.2
VULHUB       VHN-397706           0.1
VULMON       CVE-2021-42340       0.1
PACKETSTORM  169152               0.1
PACKETSTORM  167841               0.1

sources: CNVD: CNVD-2021-83785 // VULHUB: VHN-397706 // VULMON: CVE-2021-42340 // PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 169152 // PACKETSTORM: 168127 // PACKETSTORM: 167841 // CNNVD: CNNVD-202110-1057 // NVD: CVE-2021-42340

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.4

url:https://www.debian.org/security/2021/dsa-5009

Trust: 1.9

url:https://security.gentoo.org/glsa/202208-34

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20211104-0001/

Trust: 1.8

url:https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3cannounce.tomcat.apache.org%3e

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.8

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10379

Trust: 1.7

url:https://vigilance.fr/vulnerability/apache-tomcat-memory-leak-via-websocket-http-upgrade-connections-metrics-36659

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-42340

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2021-42340

Trust: 1.0

url:https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3ccommits.myfaces.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3ccommits.myfaces.apache.org%3e

Trust: 0.8

url:https://www.ibm.com/support/pages/node/6518310

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6524338

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021113014

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042265

Trust: 0.6

url:https://packetstormsecurity.com/files/166707/red-hat-security-advisory-2022-1179-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021110507

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072030

Trust: 0.6

url:https://packetstormsecurity.com/files/165112/red-hat-security-advisory-2021-4863-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041951

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3418

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111711

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3880

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4028

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101507

Trust: 0.6

url:https://packetstormsecurity.com/files/168127/gentoo-linux-security-advisory-202208-34.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1837

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012770

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb20220720102

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070601

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33037

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-30640

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-33037

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-30640

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3859

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41079

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-25122

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10379

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/772.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-42340

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.archlinux.org/cve-2021-42340

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.5/html/release_notes_for_spring_boot_2.5/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3859

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3597

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20289

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3597

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=catrhoar.spring.boot&version=2.5.10

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3629

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1179

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41079

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4861

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4863

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/tomcat9

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-34305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25329

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22970

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.11.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22932

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22978

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36090

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35515

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.1

sources: CNVD: CNVD-2021-83785 // VULHUB: VHN-397706 // VULMON: CVE-2021-42340 // PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 169152 // PACKETSTORM: 168127 // PACKETSTORM: 167841 // CNNVD: CNNVD-202110-1057 // NVD: CVE-2021-42340

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 167841

SOURCES

db           id
CNVD         CNVD-2021-83785
VULHUB       VHN-397706
VULMON       CVE-2021-42340
PACKETSTORM  166707
PACKETSTORM  165117
PACKETSTORM  165112
PACKETSTORM  169152
PACKETSTORM  168127
PACKETSTORM  167841
CNNVD        CNNVD-202110-1057
NVD          CVE-2021-42340

LAST UPDATE DATE

2024-11-23T20:01:02.611000+00:00


SOURCES UPDATE DATE

db      id                   date
CNVD    CNVD-2021-83785      2021-11-04T00:00:00
VULHUB  VHN-397706           2022-10-27T00:00:00
VULMON  CVE-2021-42340       2022-10-27T00:00:00
CNNVD   CNNVD-202110-1057    2022-08-23T00:00:00
NVD     CVE-2021-42340       2024-11-21T06:27:38.363

SOURCES RELEASE DATE

db           id                   date
CNVD         CNVD-2021-83785      2021-10-18T00:00:00
VULHUB       VHN-397706           2021-10-14T00:00:00
VULMON       CVE-2021-42340       2021-10-14T00:00:00
PACKETSTORM  166707               2022-04-13T15:02:31
PACKETSTORM  165117               2021-12-01T16:38:47
PACKETSTORM  165112               2021-12-01T16:37:47
PACKETSTORM  169152               2021-11-28T20:12:00
PACKETSTORM  168127               2022-08-22T16:02:30
PACKETSTORM  167841               2022-07-27T17:27:19
CNNVD        CNNVD-202110-1057    2021-10-14T00:00:00
NVD          CVE-2021-42340       2021-10-14T20:15:09.060