Rewterz Threat Advisory – CVE-2021-42340 – Apache Tomcat Vulnerability

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-R Series

October 15, 2021

Rewterz Threat Advisory – CVE-2021-3847 – Linux Kernel Vulnerability

October 15, 2021

Rewterz Threat Advisory – CVE-2021-42340 – Apache Tomcat Vulnerability

Severity

High

Analysis Summary

CVE-2021-42340

Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Impact

Denial of Service

Affected Vendors

Apache Tomcat

Affected Products

Apache Tomcat 8.5.60
Apache Tomcat 8.5.71
Apache Tomcat 9.0.40
Apache Tomcat 9.0.53
Apache Tomcat 10.0.0-M10
Apache Tomcat 10.0.11
Apache Tomcat 10.1.0-M1
Apache Tomcat 10.1.0-M5

Remediation

Upgrade to the latest version of Apache Tomcat, available from the Apache Web site.

http://tomcat.apache.org/

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-R Series

Rewterz Threat Advisory – CVE-2021-3847 – Linux Kernel Vulnerability

Rewterz Threat Advisory – CVE-2021-42340 – Apache Tomcat Vulnerability

Severity

Analysis Summary

CVE-2021-42340

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan