Description
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
Remediation
References
Related Vulnerabilities
Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-14322)
PHP Out-of-bounds Write Vulnerability (CVE-2021-21704)
e107 Other Vulnerability (CVE-2007-3429)
WordPress Plugin A/B Test 'action' Parameter Directory Traversal (1.0.6)
WordPress Plugin Live Scores for SportsPress Multiple Vulnerabilities (1.9.0)