VYPR
High severityNVD Advisory· Published Jul 12, 2021· Updated Aug 3, 2024

DoS after non-blocking IO error

CVE-2021-30639

Description

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 10.0.3, < 10.0.510.0.5
org.apache.tomcat:tomcatMaven
>= 9.0.0, < 9.0.459.0.45
org.apache.tomcat:tomcatMaven
< 8.5.658.5.65

Affected products

3

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.