Main Vulnerability Database SB2021031619

SB2021031619 - Denial of service in Apache Tomcat component in F5 Traffix SDC

Published: March 16, 2021

Security Bulletin ID SB2021031619

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2021-25122)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper management of internal resources within the application when processing new h2c connection requests. A remote attacker can send specially crafted requests to the server and obtain contents of HTTP responses, served to other users.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.f5.com/csp/article/K00174195