CVE-2021-42340
Description
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
5.703
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-42340 are affected in Tomcat 8.5.71 | Windows |
| Vulnerabilities CVE-2021-42340 are fixed in 1 October 2021 Fixed in Apache Tomcat 10.0.12 | Windows |
| Vulnerabilities CVE-2021-42340 are fixed in 1 October 2021 Fixed in Apache Tomcat 10.1.0-M6 | Windows |
| Vulnerabilities CVE-2021-42340 are fixed in 1 October 2021 Fixed in Apache Tomcat 9.0.54 | Windows |
| Vulnerabilities CVE-2021-42340 are fixed in 6 October 2021 Fixed in Apache Tomcat 8.5.72 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.4.0 | Windows |
| Vulnerabilities CVE-2021-42340 are fixed in Apache - tomcat 10.1.0 | Windows |
| Vulnerabilities CVE-2021-42340 are fixed in Apache - tomcat 10.0.12 | Windows |
| Vulnerabilities CVE-2021-42340 are fixed in Apache - tomcat 9.0.54 | Windows |
| Vulnerabilities CVE-2021-42340 are fixed in Apache - tomcat 8.5.72 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.3 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.4 | Windows |
| Vulnerabilities CVE-2019-10072,CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.3.2 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.9 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.5.4 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.5.3 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.2 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.8 | Windows |
| Vulnerabilities CVE-2020-36518,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.2.0.0 | Windows |
| Vulnerabilities CVE-2020-36518,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.2.0.1 | Windows |
| Vulnerabilities CVE-2020-36518,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.2.0.2 | Windows |
| Vulnerabilities CVE-2020-36518,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.2.1.0 | Windows |
| Vulnerabilities CVE-2020-36518,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.2.1.1 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 6.2.7.10 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 6.2.7.11 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 6.2.7.12 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 6.2.7.5 | Windows |
| Vulnerabilities CVE-2020-4260,CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 6.2.7.6 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 6.2.7.7 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.3.1 | Windows |
| Vulnerabilities CVE-2020-4202,CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.3.3 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.4.1 | Windows |
| Vulnerabilities CVE-2020-4202,CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.4.2 | Windows |
| Vulnerabilities CVE-2020-4260,CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.5.0 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.5.1 | Windows |
| Vulnerabilities CVE-2019-4667,CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.5.2 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.5.5 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.5.6 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.1.0.1 | Windows |
| Vulnerabilities CVE-2021-4104,CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.1.0.2 | Windows |
| Vulnerabilities CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.0.5.7 | Windows |
| Vulnerabilities CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.1.2.1 | Windows |
| Vulnerabilities CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.1.2.2 | Windows |
| Vulnerabilities CVE-2021-42340,CVE-2022-23305 are affected in IBM UrbanCode Deploy 7.1.2.3 | Windows |
| tomcat9 security update(DSA-5009-1) tomcat9_9.0.43-2~deb11u3_all.deb | Linux |
| Vulnerabilities CVE-2021-42340 are affected in Tomcat 8.5.71 (For Linux) | Linux |
| Vulnerabilities CVE-2021-42340 are fixed in 1 October 2021 Fixed in Apache Tomcat 10.0.12 (For Linux) | Linux |
| Vulnerabilities CVE-2021-42340 are fixed in 1 October 2021 Fixed in Apache Tomcat 10.1.0-M6 (For Linux) | Linux |
| Vulnerabilities CVE-2021-42340 are fixed in 1 October 2021 Fixed in Apache Tomcat 9.0.54 (For Linux) | Linux |
| Vulnerabilities CVE-2021-42340 are fixed in 6 October 2021 Fixed in Apache Tomcat 8.5.72 (For Linux) | Linux |
| Vulnerabilities CVE-2021-42340 are fixed in Apache - tomcat for Linux 10.1.0 | Linux |
| Vulnerabilities CVE-2021-42340 are fixed in Apache - tomcat for Linux 10.0.12 | Linux |
| Vulnerabilities CVE-2021-42340 are fixed in Apache - tomcat for Linux 9.0.54 | Linux |
| Vulnerabilities CVE-2021-42340 are fixed in Apache - tomcat for Linux 8.5.72 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234