CVE-2021-42340 vulnerability in Apache and Other Products
Published on October 14, 2021
DoS via memory leak with WebSocket connections
Weakness Type
Missing Release of Resource after Effective Lifetime
The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. When a resource is not released after use, it can allow attackers to cause a denial of service by causing the allocation of resources without triggering their release. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.
Affected Versions
Apache Software Foundation Apache Tomcat:
- Version Apache Tomcat 10 10.0.0-M10 to 10.0.11 is affected.
- Version Apache Tomcat 10 10.1.0-M1 to 10.1.0-M5 is affected.
- Version Apache Tomcat 9 9.0.40 to 9.0.53 is affected.
- Version Apache Tomcat 8 8.5.60 to 8.5.71 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.