Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
2025-04-28T20:15:20.653
2025-05-06T20:15:26.237
Modified
CVSSv3.1: 7.5 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | apache | tomcat | < 9.0.104 | Yes |
Application | apache | tomcat | < 10.1.40 | Yes |
Application | apache | tomcat | < 11.0.6 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |
Application | apache | tomcat | 11.0.0 | Yes |