The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
References
| Link | Resource |
|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10379 | Third Party Advisory |
| https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E | |
| https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E | Mailing List Vendor Advisory |
| https://security.gentoo.org/glsa/202208-34 | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20211104-0001/ | Third Party Advisory |
| https://www.debian.org/security/2021/dsa-5009 | Third Party Advisory |
| https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
| https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
| https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:39
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
27 Oct 2022, 01:09
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:* |
|
| First Time |
Oracle managed File Transfer
Oracle big Data Spatial And Graph Oracle agile Engineering Data Management |
|
| References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
| References | (GENTOO) https://security.gentoo.org/glsa/202208-34 - Third Party Advisory | |
| References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
21 Aug 2022, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
25 Jul 2022, 18:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
02 May 2022, 19:38
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Oracle retail Data Extractor For Merchandising
Oracle retail Financial Integration Oracle payment Interface Oracle middleware Common Libraries And Tools Oracle retail Eftlink Oracle retail Customer Insights Oracle retail Store Inventory Management Oracle taleo Platform |
|
| References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Vendor Advisory | |
| CPE | cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_financial_integration:16.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:* |
20 Apr 2022, 00:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
29 Mar 2022, 16:39
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:* |
|
| First Time |
Oracle
Oracle sd-wan Edge Oracle hospitality Cruise Shipboard Property Management System Oracle communications Diameter Signaling Router |
|
| References | (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10379 - Third Party Advisory | |
| References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory |
23 Mar 2022, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
07 Feb 2022, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
04 Dec 2021, 03:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0001/ - Third Party Advisory | |
| References | (DEBIAN) https://www.debian.org/security/2021/dsa-5009 - Third Party Advisory | |
| CPE | cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:* |
12 Nov 2021, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
10 Nov 2021, 01:19
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
05 Nov 2021, 18:47
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:* | |
| References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0001/ - Third Party Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E - Mailing List, Patch, Vendor Advisory |
04 Nov 2021, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Oct 2021, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
20 Oct 2021, 17:22
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E - Mailing List, Vendor Advisory | |
| CPE | cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
| CWE | CWE-772 |
14 Oct 2021, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-10-14 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-42340
Mitre link : CVE-2021-42340
CVE.ORG link : CVE-2021-42340
JSON object : View
Products Affected
oracle
- payment_interface
- hospitality_cruise_shipboard_property_management_system
- middleware_common_libraries_and_tools
- big_data_spatial_and_graph
- retail_customer_insights
- retail_data_extractor_for_merchandising
- retail_eftlink
- retail_store_inventory_management
- taleo_platform
- managed_file_transfer
- retail_financial_integration
- agile_engineering_data_management
- sd-wan_edge
- communications_diameter_signaling_router
debian
- debian_linux
apache
- tomcat
netapp
- hci
- management_services_for_element_software
CWE
CWE-772
Missing Release of Resource after Effective Lifetime