VYPR
High severity7.5NVD Advisory· Published Sep 16, 2021· Updated Jun 17, 2026

CVE-2021-41079

CVE-2021-41079

Description

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 10.0.0, < 10.0.410.0.4
org.apache.tomcat:tomcatMaven
>= 9.0.0, < 9.0.449.0.44
org.apache.tomcat:tomcatMaven
>= 8.5.0, < 8.5.648.5.64

Affected products

33

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.