Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 8.5.0 (including) | 8.5.64 (excluding) |
| Tomcat | Apache | 9.0.0 (including) | 9.0.44 (excluding) |
| Tomcat | Apache | 10.0.0 (including) | 10.0.2 (including) |
| Red Hat Fuse 7.11 | RedHat | tomcat | * |
| Red Hat JBoss Web Server 5 | RedHat | tomcat | * |
| Red Hat JBoss Web Server 5.5 on RHEL 7 | RedHat | jws5-tomcat-0:9.0.43-13.redhat_00013.1.el7jws | * |
| Red Hat JBoss Web Server 5.5 on RHEL 8 | RedHat | jws5-tomcat-0:9.0.43-13.redhat_00013.1.el8jws | * |
| Red Hat Support for Spring Boot 2.5.10 | RedHat | tomcat | * |
| Tomcat6 | Ubuntu | trusty | * |
| Tomcat6 | Ubuntu | xenial | * |
| Tomcat7 | Ubuntu | bionic | * |
| Tomcat7 | Ubuntu | trusty | * |
| Tomcat7 | Ubuntu | xenial | * |
| Tomcat8 | Ubuntu | bionic | * |
| Tomcat8 | Ubuntu | esm-apps/bionic | * |
| Tomcat8 | Ubuntu | xenial | * |
| Tomcat9 | Ubuntu | bionic | * |
| Tomcat9 | Ubuntu | focal | * |
| Tomcat9 | Ubuntu | hirsute | * |
| Tomcat9 | Ubuntu | impish | * |
| Tomcat9 | Ubuntu | kinetic | * |
| Tomcat9 | Ubuntu | lunar | * |
| Tomcat9 | Ubuntu | mantic | * |