Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-38286

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 07 нояб. 2024
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS3: 8.6

ОписаниС

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.Β Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

10.1.40-1
esm-apps/noble

released

10.1.16-1ubuntu0.1~esm2
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

needed

oracular

not-affected

10.1.25-1
plucky

not-affected

10.1.35-1
questing

not-affected

10.1.40-1
upstream

released

10.1.25

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

devel

needs-triage

esm-apps/noble

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

questing

needs-triage

trusty

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-apps/bionic

not-affected

code not present
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-apps/bionic

needed

esm-infra/focal

DNE

esm-infra/xenial

not-affected

code not present
focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

released

9.0.70-2ubuntu3
esm-apps/bionic

released

9.0.16-3ubuntu0.18.04.2+esm7
esm-apps/focal

released

9.0.31-1ubuntu0.9+esm2
esm-apps/jammy

released

9.0.58-1ubuntu0.2+esm3
esm-apps/noble

released

9.0.70-2ubuntu0.1+esm2
focal

ignored

end of standard support, was needs-triage
jammy

needed

noble

needed

oracular

released

9.0.70-2ubuntu1.24.10.2
plucky

released

9.0.70-2ubuntu1.25.04.2

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 61%
0.00413
Низкий

8.6 High

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-38286

CVSS3: 7.5
redhat
большС 1 года назад

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.Β Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-38286

CVSS3: 8.6
nvd
большС 1 года назад

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.Β Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-38286

CVSS3: 8.6
debian
большС 1 года назад

Allocation of Resources Without Limits or Throttling vulnerability in ...

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2024:3510-1

suse-cvrf
большС 1 года назад

Security update for tomcat

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-7jqf-v358-p8g7

CVSS3: 8.6
github
большС 1 года назад

Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 61%
0.00413
Низкий

8.6 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2024-38286