Upgrade RHEL:7 jws5-tomcat to version 0:9.0.50-3.redhat_00004.1.el7jws or higher. This issue was patched in RHSA-2021:4861.
Note: The versions mentioned in the description are upstream Apache Tomcat versions and do not apply to the jws5-tomcat package as distributed by RHEL. Red Hat backports fixes into its existing package versions: the fixed RHEL 7 package is based on Tomcat 9.0.50, which upstream lists as affected, yet it carries the fix. Judge exposure by the RHEL package EVR, not by the upstream version number.
See "How to fix?" for RHEL:7 relevant fixed versions and status.
The fix for bug 63362, present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71, introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed, so every closed WebSocket connection left one such object behind. Over time, on a server that opens and closes many WebSocket connections, this could exhaust the heap and lead to a denial of service via an OutOfMemoryError.