Apache Tomcat versions 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43, and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could trigger an infinite loop, resulting in a denial of service. The vulnerability is rated high severity with a CVSS score of 7.5.
The risk to organizations is downtime: a TLS endpoint that Tomcat terminates with the OpenSSL engine can be taken out of service by a single unauthenticated network peer, with the corresponding disruption to any business operation behind it.
No public exploit or proof of concept is known at this time. The attack requires only network reach to the affected TLS port, however, so organizations should treat patching as a priority in their current cycle rather than waiting for exploitation evidence.
Vulnerability Details
The vulnerability, identified as CVE-2021-41079, affects multiple versions of Apache Tomcat, specifically versions 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43, and 10.0.0-M1 to 10.0.2. The issue stems from improper validation of incoming TLS packets, which can lead to an infinite loop and denial of service when certain configurations are in use.
The CVSS score of 7.5 indicates a high-severity classification, highlighting the critical nature of this vulnerability. Organizations using affected versions of Apache Tomcat should take immediate steps to update their systems.
Technical Analysis
The root cause is the failure to properly validate incoming TLS packets, which allows a malformed packet to drive the OpenSSL-backed NIO/NIO2 TLS code path into an infinite loop. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: the attack is network-based, attack complexity is low, no privileges are required, and no user interaction is needed. Only deployments using the NIO or NIO2 connector with the OpenSSL TLS implementation (tomcat-native) are on this code path; the JSSE TLS implementation is not named in the affected configurations.
The impact on availability is high, as successful exploitation can render the Tomcat server inoperable. There is no confidentiality or integrity impact associated with this vulnerability.
Risk & Impact Analysis
The real-world impact of CVE-2021-41079 can be significant for organizations that rely on Apache Tomcat to terminate TLS for web applications. A single crafted packet can take the service down, and downtime translates directly into customer-facing failures and financial loss.
Given how widely Apache Tomcat is deployed, the population of candidate targets is large, but exposure is narrower than the install base: instances that terminate TLS behind a separate proxy or load balancer and only speak plain HTTP to Tomcat are not reachable through this vector, and instances using the JSSE implementation are not in the affected configuration. Organizations should inventory which instances actually terminate TLS with the OpenSSL engine and prioritize those.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected versions of Apache Tomcat include:
• Apache Tomcat versions 8.5.0 to 8.5.63
• Apache Tomcat versions 9.0.0-M1 to 9.0.43
• Apache Tomcat versions 10.0.0-M1 to 10.0.2
Mitigation & Remediation
Organizations should update to a fixed release on their Tomcat branch. The first fixed versions are:
• Apache Tomcat 8.5.64 or later
• Apache Tomcat 9.0.44 or later
• Apache Tomcat 10.0.3 or later
Because the flaw is confined to the NIO/NIO2 + OpenSSL TLS path, an instance that cannot be upgraded immediately can reduce exposure by pinning its TLS connectors to the JSSE implementation (the sslImplementationName connector attribute) or by terminating TLS in front of Tomcat; this is a workaround inferred from the affected configurations, not a substitute for the upgrade, and switching TLS engines should be tested for performance and cipher-suite differences first. Organizations may also consider penetration testing to identify other weaknesses in their connector and TLS configuration.
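The following script is an added example, not code from the Tomcat project or from this advisory. It turns the version ranges and the "NIO/NIO2 + OpenSSL" scoping above into an exposure check: it parses a Tomcat version string (including milestone builds such as 10.0.0-M10) against the first fixed release on each branch, and scans a server.xml for TLS connectors on the NIO or NIO2 protocol that use the OpenSSL engine. The sample server.xml is constructed for illustration; the rule that an unset sslImplementationName falls back to OpenSSL whenever the AprLifecycleListener is configured, and that the "HTTP/1.1" alias resolves to the NIO connector, are simplifications of Tomcat's defaults and are labelled as assumptions in the code.

```python
"""Exposure check for CVE-2021-41079 (added example, not Tomcat's own code).

Answers two questions from a Tomcat version string and a server.xml:
  1. is the version inside one of the affected ranges, and
  2. does any connector use the NIO/NIO2 + OpenSSL TLS path the advisory names.
"""
import re
import xml.etree.ElementTree as ET

# First fixed release per affected branch, from the remediation list.
FIXED = {(8, 5): (8, 5, 64), (9, 0): (9, 0, 44), (10, 0): (10, 0, 3)}

OPENSSL_IMPL = "org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
NATIVE_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
# Connector protocols that select the NIO / NIO2 endpoints.  Treating the
# "HTTP/1.1" alias as NIO is a simplification (assumption): with tomcat-native
# loaded and useAprConnector="true" it resolves to the APR connector instead.
NIO_PROTOCOLS = {
    "HTTP/1.1",
    "org.apache.coyote.http11.Http11NioProtocol",
    "org.apache.coyote.http11.Http11Nio2Protocol",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text):
    """Sortable tuple for 'x.y.z' or a milestone 'x.y.z-Mn'.

    Milestones sort before the final release of the same number, so
    10.0.0-M1 < 10.0.0-M10 < 10.0.0 < 10.0.3.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % text)
    major, minor, patch, milestone = m.groups()
    rank = int(milestone) if milestone is not None else float("inf")
    return (int(major), int(minor), int(patch), rank)


def version_is_affected(text):
    """True when the version precedes the fix on an affected branch."""
    v = parse_version(text)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return False  # branch not listed in the advisory (7.0.x, 8.0.x, ...)
    return v < parse_version("%d.%d.%d" % fixed)


def exposed_connectors(server_xml):
    """Ports of TLS connectors that run on NIO/NIO2 with the OpenSSL engine.

    Selection rule (assumption, simplified from Tomcat's defaults): a
    connector is OpenSSL-backed when sslImplementationName names the OpenSSL
    class, or when it is unset and the AprLifecycleListener is configured,
    since the native library then becomes the default TLS engine.
    """
    root = ET.fromstring(server_xml)
    native_loaded = any(
        lst.get("className") == NATIVE_LISTENER for lst in root.iter("Listener")
    )
    ports = []
    for c in root.iter("Connector"):
        if c.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no TLS code path
        if c.get("protocol", "HTTP/1.1") not in NIO_PROTOCOLS:
            continue  # APR/native connector is a different code path
        impl = c.get("sslImplementationName")
        if impl == OPENSSL_IMPL or (impl is None and native_loaded):
            ports.append(c.get("port"))
    return ports


def assess(version, server_xml):
    """Vulnerable only if both hold: affected version and an OpenSSL-backed
    NIO/NIO2 TLS connector."""
    return version_is_affected(version) and bool(exposed_connectors(server_xml))


# Constructed server.xml for illustration: 8443 is NIO + OpenSSL (native
# listener present, no explicit implementation), 8444 is pinned to JSSE,
# 8080 is plain HTTP.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true">
      <SSLHostConfig>
        <Certificate certificateKeyFile="conf/localhost-key.pem"
                     certificateFile="conf/localhost-cert.pem"/>
      </SSLHostConfig>
    </Connector>
    <Connector port="8444" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               SSLEnabled="true"
               sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
  </Service>
</Server>
"""

if __name__ == "__main__":
    for v in ("9.0.43", "9.0.44", "10.0.0-M10"):
        status = "affected" if version_is_affected(v) else "not affected"
        print(v, status, "exposed ports:", exposed_connectors(SAMPLE_SERVER_XML))
```

On a real host, feed `assess()` the output of `catalina.sh version` (the "Server number" line) and the contents of `conf/server.xml`; the connector on port 8444 in the sample shows that pinning sslImplementationName to JSSE takes a connector off the affected code path, while 8443 remains exposed until the upgrade.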
Detection Guidance
The trigger is a malformed TLS packet that never completes a handshake, so it will usually not appear in the Tomcat access log at all; detection relies on the symptoms of the resulting loop rather than on request logging. Organizations should monitor for:
• Sustained CPU saturation of the Tomcat JVM with no matching increase in served requests
• Connector threads that stop returning (thread dumps showing the same TLS-handling frames over time) and a growing accept backlog on the TLS port
• Unusual spikes in connection attempts to the TLS port from a small number of sources, visible in firewall, load balancer or network flow logs
• Health-check failures or errors indicating the TLS endpoint has become unavailable
AppSecure Threat Intelligence Insight
CVE-2021-41079 highlights the importance of strict validation of incoming network packets in a native TLS code path and of knowing which of your Tomcat instances actually run on that path. Security teams should keep an inventory of which connectors terminate TLS and with which implementation, keep Tomcat and the tomcat-native library current, and review connector configuration as part of hardening.
This incident underscores the necessity of employing robust security practices such as regular vulnerability assessments and penetration testing.
Creating a vulnerability management program can also help in identifying and mitigating similar vulnerabilities in the future.
Finally, organizations should stay informed about the latest threats and vulnerabilities affecting their technology stacks.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.