CX: CVE-2021-41079 in Maven-org.apache.tomcat:tomcat-coyote and 9.0.22 @ JavaVulnerableLab-1.refs/heads/master

github-actions[bot] commented 2 years ago

Description

Apache Tomcat 8.5.0 through 8.5.63, 9.0.0-M1 through 9.0.43, and 10.0.0-M1 through 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch refs/heads/master

Vulnerability ID: CVE-2021-41079

Package Name: org.apache.tomcat:tomcat-coyote

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2021-09-16T15:15:00

Current Package Version: 9.0.22

Remediation Upgrade Recommendation: 9.0.90

Link To SCA

Reference – NVD link

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 1 week ago

Issue still exists.

SamHeadrickCx / JavaVulnerableLab-1

CX: CVE-2021-41079 in Maven-org.apache.tomcat:tomcat-coyote and 9.0.22 @ JavaVulnerableLab-1.refs/heads/master #3