Back to bug 2085304
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Anten Skrabec | 2022-05-13 00:10:10 UTC | CC | gzaronik, jclere, jwon, krathod, pjindal, rhcs-maint, szappis | |
| Anten Skrabec | 2022-05-13 00:10:54 UTC | Blocks | 2085305 | |
| Patrick Del Bello | 2022-05-13 13:21:39 UTC | Doc Text | A flaw was found int tomcat package: if a web application sends a WebSocket message concurrently with the WebSocket connection closing, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors. This affects Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20. | |
| RaTasha Tillery-Smith | 2022-05-13 13:32:02 UTC | Doc Text | A flaw was found int tomcat package: if a web application sends a WebSocket message concurrently with the WebSocket connection closing, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors. This affects Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20. | A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be placed in the pool twice. This issue results in subsequent connections using the same object concurrently, which causes data to be returned to the wrong use and other errors. |
| Todd Cullum | 2022-05-23 20:20:15 UTC | Flags | needinfo?(thoger) | |
| CC | thoger | |||
| Tomas Hoger | 2022-05-23 20:38:06 UTC | Flags | needinfo?(thoger) | |
| Todd Cullum | 2022-05-24 21:30:30 UTC | Depends On | 2089983, 2089984 | |
| Todd Cullum | 2022-05-24 21:48:20 UTC | Doc Text | A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be placed in the pool twice. This issue results in subsequent connections using the same object concurrently, which causes data to be returned to the wrong use and other errors. | A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be placed in the pool twice. This issue results in subsequent connections using the same object concurrently, which causes data to be potentially returned to the wrong user or application stability issues. |
| Todd Cullum | 2022-05-24 22:23:47 UTC | Flags | needinfo?(thoger) | |
| Tomas Hoger | 2022-05-25 10:19:20 UTC | Flags | needinfo?(thoger) | |
| Red Hat Bugzilla | 2022-10-28 13:12:36 UTC | CC | krathod | |
| Matthew Harmsen | 2023-03-03 00:47:19 UTC | CC | rhcs-maint | |
| Matthew Harmsen | 2023-03-03 00:50:45 UTC | CC | rhcs-maint | |
| Red Hat Bugzilla | 2023-07-07 08:32:47 UTC | Assignee | security-response-team | nobody |
Back to bug 2085304