exploitDog

CVE-2024-23672

Published: 13 Mar 2024
Source: debian
EPSS: Low

Description

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| tomcat10 | fixed | 10.1.20-1 | | package |
| tomcat9 | fixed | 9.0.70-2 | | package |

Notes

  • https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

  • https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501 (10.1.19)

  • https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068 (9.0.86)

  • Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version

EPSS

Percentile: 62%
0.00437
Low

Related vulnerabilities

CVSS3: 6.3
ubuntu
more than 1 year ago

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

CVSS3: 7.5
redhat
more than 1 year ago

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

CVSS3: 6.3
nvd
more than 1 year ago

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

CVSS3: 6.3
github
more than 1 year ago

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat

CVSS3: 7.5
fstec
more than 1 year ago

A vulnerability in the Apache Tomcat application server, related to incomplete cleanup of temporary or auxiliary resources, that allows an attacker to cause a denial of service
