Severity
7.5
High severity
Details
- CVSS score: 7.5
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE ID
Overview
About vulnerability
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
Details
- Affected product: Apache Tomcat, Debian 10 ELS, Spring, Ubuntu 16.04 ELS, Ubuntu 18.04 ELS, logging-flume, logging-log4j2, thrift
- Affected packages: spring-boot-security-test-web-helloworld @ 1.5.22.RELEASE (+199 more)