Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
La vulnerabilidad de consumo descontrolado de recursos en la aplicación web de ejemplo proporcionada con Apache Tomcat provoca una denegación de servicio. Este problema afecta a Apache Tomcat: desde 11.0.0-M1 hasta 11.0.1, desde 10.1.0-M1 hasta 10.1.33, desde 9.0.0.M1 hasta 9.9.97. Se recomienda a los usuarios que actualicen a la versión 11.0.2, 10.1.34 o 9.0.98, que soluciona el problema.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | LOW |
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Type: Secondary
Exploitability Score: 3.9
Impact Score: 1.4
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-400
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| apache | tomcat | * | <built-in method update of dict object at 0x75d828aac2c0> | Application |
| apache | tomcat | * | <built-in method update of dict object at 0x75d828aae180> | Application |
| apache | tomcat | * | <built-in method update of dict object at 0x75d819382480> | Application |
| netapp | bootstrap_os | - | <built-in method update of dict object at 0x75d819e9bb40> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* |