Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
Hi Engineering Team, One of the below account too looking for an update and asking to prioritize the fix for this CVE for RHEL 8: Account Name ACE-IT/LOCKEED MARTIN Account Number 1203914 Thank You!!
This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2025:3609 https://access.redhat.com/errata/RHSA-2025:3609
This issue has been addressed in the following products: Red Hat JBoss Web Server 6.1 on RHEL 8 Red Hat JBoss Web Server 6.1 on RHEL 9 Via RHSA-2025:3608 https://access.redhat.com/errata/RHSA-2025:3608
This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2025:4522 https://access.redhat.com/errata/RHSA-2025:4522
This issue has been addressed in the following products: Red Hat JBoss Web Server 5.8 on RHEL 7 Red Hat JBoss Web Server 5.8 on RHEL 8 Red Hat JBoss Web Server 5.8 on RHEL 9 Via RHSA-2025:4521 https://access.redhat.com/errata/RHSA-2025:4521