![]() ![]() Multiple requests with invalid payload lengths could lead to a denial of service. Invalid payload lengths could trigger an infinite loop. A remote attacker may send a specially crafted request to exploit the vulnerability.Ī successful exploitation of the vulnerability could lead to information disclosure on an affected system. The release notes for Apache Tomcat 9.0.37 show that a vulnerability has been found and patched in July 2020, stating the following: The payload length in a WebSocket frame was not correctly validated. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. To do this correctly, you must determine if the Tomcat AJP Connector service is used in your server environment: If no cluster or reverse proxy is used, rest assured that AJP is not used. ![]() Apache Software Foundation has released a security advisory to address a vulnerability in the Apache Tomcat. The Ghostcat vulnerability has existed for more than a decade and it affects versions 6, 7, 8 and 9 of Apache Tomcat. Rapid7 Vulnerability & Exploit Database Apache Tomcat: (CVE-2021-25329) Free InsightVM Trial No credit card necessary. Apache Tomcat has officially released versions 9.0.31, 8.5.51, and 7.0.100 to fix this vulnerability. ![]()
0 Comments
Leave a Reply. |