1.0 Introduction
Recently, Apache has released security updates to a vulnerability in Apache Tomcat, a widely used Java servlet container.
2.0 Impact
This vulnerability could potentially cause a denial-of-service (DoS) attack on affected systems.
3.0 Affected Products
- Apache Tomcat version 11.0.0-M1 to 11.0.0-M20
- Apache Tomcat version 10.1.0-M1 to 10.1.24
- Apache Tomcat version 9.0.13 to 9.0.89
4.0 Recommendations
CyberSecurity Malaysia urges users and organisations to review the
Apache Security Bulletin
, follow the Mitigation steps and apply the necessary updates.
Fixed versions:
- Apache Tomcat 11: Upgrade to 11.0.0-M21 or later
- Apache Tomcat 10.1: Upgrade to 10.1.25 or later
- Apache Tomcat 9.0: Upgrade to 9.0.90 or later
Kindly refer to the URL for more information: https://lists.apache.org/thread/8xm50bvr6rhbjkdtbxl5x4d20dpfy83p
Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17.30 MYT
Web:
https://www.mycert.org.my
5.0 References