CVE-2021-41079 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.2
Apache Tomcat 9.0.0-M1 to 9.0.43
Apache Tomcat 8.5.0 to 8.5.63
Description:
When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a
Author: markt
Date: Wed Sep 15 17:51:53 2021
New Revision: 1893363
URL: http://svn.apache.org/viewvc?rev=1893363&view=rev
Log:
Publish CVE-2021-41079
Modified:
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tom
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517
--- Comment #4 from Mikko Suonio ---
I would like Tomcat developers to state clearly that this is not a valid
vulnerability. This would make it easier for Tomcat users to dismiss the issue
detected by vulnerability analysis of their software.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f6fa2f71b4a636eb08e8aa48cbc5b7ec23094e86
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:56:45 2021 +0100
Make synchron
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 51258057032d7f7fcac2c9416bebab45d784053f
Author: Mark Thomas
AuthorDate: Wed Sep 15 14:12:26 2021 +0100
Refactor allo
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit a26978b45d165e429c44c58022a4a8db93841da6
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:52:42 2021 +0100
Move debug st
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit c3d9cf805487595cb0f4cda474c5cd1a91f097e9
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:47:35 2021 +0100
Fix a potenti
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 5ca5269 Fix typo
new c3d9cf8 Fix a potential cause of intermittent test failure
new a26978b Move debug sta
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517
--- Comment #3 from Jeehong Min ---
I filed the original bug. Afterwards, I realized that I made a mistake when I
was tracing dependencies with CVEs. Tomcat does not have any dependencies on
axis2-adb.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit c3f5655929027cc791a3f4e1c52ffb7f29cf2b20
Author: Mark Thomas
AuthorDate: Wed Sep 15 14:12:26 2021 +0100
Refactor allo
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit ea400ae393037ff516505e639d626c511067f5e5
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:56:45 2021 +0100
Make synchron
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit c846f70814a5b0f31d66acfdbff893641b8f9b8a
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:52:42 2021 +0100
Move debug st
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0b2a4f78e6347a2508c18008add025e820a40971
Author: Mark Thomas
AuthorDate: Fri Sep 10 08:21:36 2021 +0100
Avoid StackOv
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit b97bd8bef6cc60d8f07abae867ec91d83dc0823f
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:47:35 2021 +0100
Fix a potenti
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 7bc0ebb Fix typo
new 0b2a4f7 Avoid StackOverflowException
new b97bd8b Fix a potential cause of intermitten
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f61a413f176928e50c73831eaa433d71a403119a
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:52:42 2021 +0100
Move debug s
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 2653750ce02b94de559dd0396c8a42055ef7dd4c
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:56:45 2021 +0100
Make synchro
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 23be85654d4121718610aea7a586af5748a310c9
Author: Mark Thomas
AuthorDate: Wed Sep 15 14:12:26 2021 +0100
Refactor all
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0d409fbeb62a594f681893f9a5585abcb6259656
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:47:35 2021 +0100
Fix a potent
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 1e34825322e5d9ebadc9e8f128fb44ce76e4b3f9
Author: Mark Thomas
AuthorDate: Fri Sep 10 08:21:36 2021 +0100
Avoid StackO
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from da5ce59 Fix typo
new 1e34825 Avoid StackOverflowException
new 0d409fb Fix a potential cause of intermitte
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit dee5f2c1f744e789ab3a422de79385222d07ba6e
Author: Mark Thomas
AuthorDate: Wed Sep 15 14:12:26 2021 +0100
Refactor alloc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0a86874349c08b01a96f3c1f9f1f51dddbb74528
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:56:45 2021 +0100
Make synchroni
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 7a1441acb6a2c527d97d345e99309e36e1e72a39
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:52:42 2021 +0100
Move debug sta
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 60baeb2128d72416f13753ce7091b15a537343fa
Author: Mark Thomas
AuthorDate: Wed Sep 15 13:47:35 2021 +0100
Fix a potentia
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 1988fad Merge pull request #450 from tussupbekov/typo-fix
new 60baeb2 Fix a potential cause of intermittent test
Le mer. 15 sept. 2021 à 13:13, Mark Thomas a écrit :
> On 15/09/2021 11:07, Romain Manni-Bucau wrote:
> > I think the last option is maybe the target: modularize tomcat properly.
>
> "Properly" is a highly subjective judgement. There are going to be
> wildly differing views on what constitutes a
On 15/09/2021 11:07, Romain Manni-Bucau wrote:
I think the last option is maybe the target: modularize tomcat properly.
"Properly" is a highly subjective judgement. There are going to be
wildly differing views on what constitutes a "proper" degree of modularity.
The people willing to have a
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517
--- Comment #2 from Mark Thomas ---
Let me turn that around. What is your basis for claiming that this is a valid
vulnerability in Apache Tomcat?
(Hint: The original description for this contained multiple inaccuracies so
don't take any of tha
Hi Rory,
Congratulations for JDK 17 GA!
Apache Tomcat 10.1.x build and tests pass successfully with
JDK 18-ea+14-756 on both Linux x86_64 and aarch64 !
Regards,
Martin
On Tue, Sep 14, 2021 at 6:55 PM Rory O'Donnell
wrote:
> Hi Mark,
>
> *Release Announcement: General Availability of Java 17
https://bz.apache.org/bugzilla/show_bug.cgi?id=65517
--- Comment #1 from Mikko Suonio ---
Can you comment on why this is invalid? Since this is related to a CVE, the
impact needs to be analyzed in many organizations.
I think the last option is maybe the target: modularize tomcat properly.
The people willing to have as few as possible modules would just use a new
"bundle" module (this is what we do at openjpa, tomee, meecrowave etc)
which provides a bundle way of building apps but is not flexible.
So regarding J
cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-919880264
That's it for now. Is anyone willing to merge and port back? :)
On 15/09/2021 08:34, Romain Manni-Bucau wrote:
Hi all,
I was trying to strim down a JDK, all was smooth until I started to work
with Tomcat.
I am assuming this is with embedded.
The issues I hit:
- Tomcat is designed to be fully used with JPMS whereas I would like to be
able to use it in th
Hi all,
I was trying to strim down a JDK, all was smooth until I started to work
with Tomcat.
The issues I hit:
- Tomcat is designed to be fully used with JPMS whereas I would like to be
able to use it in the CP if a jlink custom distro (without forking/patching
tomcat jar indeed)
- module-info u