This vulnerability is presently awaiting analysis.
A vulnerability successful Apache Tomcat allows an attacker to remotely trigger a denial of service. An mistake introduced arsenic portion of a alteration to amended mistake handling during non-blocking I/O meant that the mistake emblem associated with the Request entity was not reset betwixt requests. This meant that erstwhile a non-blocking I/O mistake occurred, each aboriginal requests handled by that petition entity would fail. Users were capable to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the anticipation of triggering a DoS. Applications that bash not usage non-blocking I/O are not exposed to this vulnerability. This contented affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.
CVSS 3.x Severity and Metrics:
Base Score: N/A
NVD score not yet provided.
0 alteration records recovered show changes