Apache Tomcat Multiple CVEs Advisory: Auth Bypass, Path Traversal, DoS (CVE-2021-45030-45046)

Critical Vulnerability Information Fixed CVEs CVE-2021-35259: A path traversal vulnerability in certain Apache Tomcat configurations may lead to directory traversal attacks. CVE-2021-45046: An uncontrolled resource consumption vulnerability in Apache Tomcat may allow attackers to exhaust system resources by sending a large number of requests. CVE-2021-45045: A thread pool issue in Apache Tomcat that may lead to a denial-of-service attack. CVE-2021-45044: A thread pool issue in Apache Tomcat that may lead to a denial-of-service attack. CVE-2021-45043: A thread pool issue in Apache Tomcat that may lead to a denial-of-service attack. CVE-2021-45042: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45041: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45040: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45039: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45038: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45037: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45036: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45035: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45034: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45033: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45032: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45031: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45030: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. Third-Party CVEs CVE-2021-35259: A path traversal vulnerability in certain Apache Tomcat configurations may lead to directory traversal attacks. CVE-2021-45046: An uncontrolled resource consumption vulnerability in Apache Tomcat may allow attackers to exhaust system resources by sending a large number of requests. CVE-2021-45045: A thread pool issue in Apache Tomcat that may lead to a denial-of-service attack. CVE-2021-45044: A thread pool issue in Apache Tomcat that may lead to a denial-of-service attack. CVE-2021-45043: A thread pool issue in Apache Tomcat that may lead to a denial-of-service attack. CVE-2021-45042: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45041: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45040: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45039: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45038: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45037: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45036: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45035: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45034: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45033: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45032: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45031: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. CVE-2021-45030: An authentication bypass vulnerability in Apache Tomcat when using insecure PostgreSQL or Oracle databases. Security Enhancements Upgraded the JDBC driver version used by DPA to 10.1.42. Upgraded the query descriptor library JsonScriptLibrary to version 1.1.3. Fixed Customer Issues Case ID 61952734: DPA is functioning normally in AWS instance environments.

Goal Reached Thanks to every supporter — we hit 100%!

Apache Tomcat Multiple CVEs Advisory: Auth Bypass, Path Traversal, DoS (CVE-2021-45030-45046)