
exploitDog


GHSA-v682-8vv8-vpwr

Published: 13 Mar 2024
Source: github
GitHub: Reviewed
CVSS3: 6.3

Description

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Packages

| Name | Ecosystem | Affected versions | Fixed version |
|---|---|---|---|
| org.apache.tomcat:tomcat-websocket | maven | >= 11.0.0-M1, <= 11.0.0-M16 | 11.0.0-M17 |
| org.apache.tomcat:tomcat-websocket | maven | >= 10.1.0-M1, <= 10.1.18 | 10.1.19 |
| org.apache.tomcat:tomcat-websocket | maven | >= 9.0.0-M1, <= 9.0.85 | 9.0.86 |
| org.apache.tomcat:tomcat-websocket | maven | >= 8.5.0, <= 8.5.98 | 8.5.99 |
| org.apache.tomcat.embed:tomcat-embed-websocket | maven | >= 11.0.0-M1, <= 11.0.0-M16 | 11.0.0-M17 |
| org.apache.tomcat.embed:tomcat-embed-websocket | maven | >= 10.1.0-M1, <= 10.1.18 | 10.1.19 |
| org.apache.tomcat.embed:tomcat-embed-websocket | maven | >= 9.0.0-M1, <= 9.0.85 | 9.0.86 |
| org.apache.tomcat.embed:tomcat-embed-websocket | maven | >= 8.5.0, <= 8.5.98 | 8.5.99 |

EPSS

Percentile: 61%
0.00425
Low

CVSS3

6.3 Medium

Weaknesses

CWE-459

Related vulnerabilities

CVSS3: 6.3
ubuntu
more than 1 year ago

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

CVSS3: 7.5
redhat
more than 1 year ago

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

CVSS3: 6.3
nvd
more than 1 year ago

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

CVSS3: 6.3
debian
more than 1 year ago

Denial of Service via incomplete cleanup vulnerability in Apache Tomca ...

CVSS3: 7.5
fstec
more than 1 year ago

A vulnerability in the Apache Tomcat application server related to incomplete cleanup of temporary or supporting resources, allowing an attacker to cause a denial of service
