Date: Sun, 1 Aug 2021 21:36:20 GMT From: Kevin Bowling <kbowling@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 9462edd84baf - main - security/vuxml: document tomcat CVE-2021-30639 Message-ID: <202108012136.171LaKd9069397@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kbowling: URL: https://cgit.FreeBSD.org/ports/commit/?id=9462edd84baf7bc7e2716da90f81661080f273e0 commit 9462edd84baf7bc7e2716da90f81661080f273e0 Author: Kevin Bowling <kbowling@FreeBSD.org> AuthorDate: 2021-08-01 21:34:18 +0000 Commit: Kevin Bowling <kbowling@FreeBSD.org> CommitDate: 2021-08-01 21:35:55 +0000 security/vuxml: document tomcat CVE-2021-30639 PR: 257153 --- security/vuxml/vuln-2021.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index bb0aca87f452..52bcaa837c51 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,32 @@ + <vuln vid="cc7c85d9-f30a-11eb-b12b-fc4dd43e2b6a"> + <topic>tomcat -- Remote Denial of Service in multiple versions</topic> + <affects> + <package> + <name></name> + <range><eq>8.5.64</eq></range> + <range><eq>9.0.44</eq></range> + <range><ge>10.0.3</ge><le>10.0.4</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>rbeaudry reports:</p> + <blockquote cite="https://tomcat.apache.org/security.html">; + <p>A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS.</p> + <p>Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-30639</cvename> + <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30639</url>; + </references> + <dates> + <discovery>2021-07-12</discovery> + <entry>2021-08-01</entry> + </dates> + </vuln> + <vuln vid="cbfd1874-efea-11eb-8fe9-036bd763ff35"> <topic>fetchmail -- 6.4.19 and older denial of service or information disclosure</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108012136.171LaKd9069397>