Dx NetOps : CVE-2021-42340 - Apache Tomcat Vulnerability

Article ID: 227263

Updated On:

Products

CA Spectrum

Issue/Introduction

Affected by CVE-2021-42340

CVE: CVE-2021-42340
CVSS Base Score: Not Available
GITSIR's Rating: Not Available
Product Name: Apache Tomcat
Affected Version:
  Apache Tomcat 10.1.0-M1 to 10.1.0-M5
  Apache Tomcat 10.0.0-M1 to 10.0.11
  Apache Tomcat 9.0.40 to 9.0.53
  Apache Tomcat 8.5.60 to 8.5.71

Environment

Release : 21.2

Component :

Resolution

The solution is to upgrade Tomcat to either:

apache-tomcat-upgrade-10_0_12

apache-tomcat-upgrade-9_0_54

User story US782605 has been created for upgrading Tomcat to 9.0.54. It will be part of 21.2.6 if no issues are observed during testing.

Note: This document was published in Nov-2021; it will be updated once the upgrade is done.
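
To confirm whether a bundled Tomcat build falls inside the affected ranges listed in this article, before or after applying an upgrade, the following added example (not part of the original article and not vendor-supplied code) classifies the `Apache Tomcat/<version>` string that Tomcat's version script prints. The function names and the sample output are assumptions constructed for illustration.

```python
import re

# Affected ranges exactly as listed in this article (inclusive bounds).
AFFECTED = [
    ("10.1.0-M1", "10.1.0-M5"),
    ("10.0.0-M1", "10.0.11"),
    ("9.0.40", "9.0.53"),
    ("8.5.60", "8.5.71"),
]
RELEASE = 10**6  # sorts a final release after any -M<n> milestone of the same x.y.z

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
_BANNER = re.compile(r"Apache Tomcat/(\S+)")


def parse_version(text):
    """Turn '9.0.53' or '10.1.0-M5' into a comparable tuple."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else RELEASE)


def is_affected(version):
    """True if version falls inside any affected range from the article."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)


def check_banner(output):
    """Extract the version from version-script style output and classify it."""
    m = _BANNER.search(output)
    if not m:
        raise ValueError("no 'Apache Tomcat/<version>' string found")
    return m.group(1), is_affected(m.group(1))


if __name__ == "__main__":
    # Constructed sample output, not captured from a real Spectrum host.
    sample = "Server version: Apache Tomcat/9.0.53\nServer number:  9.0.53.0\n"
    version, affected = check_banner(sample)
    print(f"Tomcat {version}: {'AFFECTED' if affected else 'not in an affected range'}")
```

Milestone builds are ordered before the final release of the same version number, so 10.0.0-M1 through 10.0.11 is treated as one continuous range and 10.1.0-M6 falls outside the 10.1.x range.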