Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.21.0, 8.13.18, 8.20.6
Affects Version/s: 8.20.1
Component/s: None
Labels:

CVSS Score:
7.5
CVSS Severity:
High
CVE ID:
CVE-2021-42340

Description

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to impact the application's availability via CVE-2021-42340, a Denial of Service (DoS) vulnerability in Apache Tomcat.

The affected versions of Atlassian Jira Server and Data Center are before version 8.21.0.

Affected versions:

version < 8.21.0

Fixed versions:

8.21.0

Workaround

You can manually upgrade the Apache Tomcat version used by Jira following the procedures outlined in the following article: How to Upgrade Apache Tomcat version in Jira.

Attachments

Issue Links

is related to

JRASERVER-72914 Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(11 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 30/Nov/2021 6:48 PM

Updated:: 19/May/2022 2:25 PM

Resolved:: 05/Jan/2022 5:10 AM