Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-52317

Опубликовано: 18 нояб. 2024
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users.

This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.

Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 9.0.92 (включая) до 9.0.96 (исключая)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 10.1.27 (включая) до 10.1.31 (исключая)
cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone26:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.03805
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-326

Связанные уязвимости

ubuntu логотип

CVE-2024-52317

CVSS3: 6.5
ubuntu
7 месяцев назад

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

redhat логотип

CVE-2024-52317

CVSS3: 6.5
redhat
7 месяцев назад

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

debian логотип

CVE-2024-52317

CVSS3: 6.5
debian
7 месяцев назад

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. ...

github логотип

GHSA-qvf5-hvjx-wm27

CVSS3: 6.5
github
7 месяцев назад

Apache Tomcat Request and/or response mix-up

fstec логотип

BDU:2024-10295

CVSS3: 6.5
fstec
7 месяцев назад

Уязвимость сервера приложений Apache Tomcat, связанная с недостаточно стойким шифрованием данных, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 88%
0.03805
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-326