Description
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Photo Gallery by Gallery Bank Cross-Site Scripting (3.0.69)
WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress SQL Injection (1.4.9)
Adobe Coldfusion 8 multiple linked XSS vulnerabilies
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4097)