CVE-2024-24549

🗓️ 13 Mar 2024 15:46:53Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 460 Views

Denial of Service vulnerability in Apache Tomcat due to improper input validation for HTTP/2 requests. Upgrading to fixed versions recommended

Reporter	Title	Published	Views	Family All 236
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.14.4 IF001	14 May 202420:42	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-24549) affects Power HMC	16 Apr 202416:53	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat is vulnerable to CVE-2024-24549 and CVE-2024-23672 used in IBM Maximo Application Suite - Monitor Component	2 May 202419:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities.	27 Mar 202417:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Build 7.0.0.1 addresses multiple vulnerabilities.	27 Mar 202417:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by denial of service vulnerabilities (CVE-2024-24549, CVE-2024-23672, CVE-2024-0727, CVE-2023-6129)	29 Aug 202415:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat (CVE-2024-24549, CVE-2024-23672)	5 Apr 202411:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.10	29 Jul 202522:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat	24 Jul 202422:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products	19 Jun 202415:29	–	ibm

NVD

Vulners

Node

apache tomcatRange8.5.0–8.5.99

apache tomcatRange9.0.0–9.0.86

apache tomcatRange10.1.0–10.1.19

apache tomcatMatch11.0.0milestone1

apache tomcatMatch11.0.0milestone10

apache tomcatMatch11.0.0milestone11

apache tomcatMatch11.0.0milestone12

apache tomcatMatch11.0.0milestone13

apache tomcatMatch11.0.0milestone14

apache tomcatMatch11.0.0milestone15

apache tomcatMatch11.0.0milestone16

apache tomcatMatch11.0.0milestone2

apache tomcatMatch11.0.0milestone3

apache tomcatMatch11.0.0milestone4

apache tomcatMatch11.0.0milestone5

apache tomcatMatch11.0.0milestone6

apache tomcatMatch11.0.0milestone7

apache tomcatMatch11.0.0milestone8

apache tomcatMatch11.0.0milestone9

Node

debian debian_linuxMatch10.0

Node

fedoraproject fedoraMatch39

fedoraproject fedoraMatch40

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.0-M16",
        "status": "affected",
        "version": "11.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.18",
        "status": "affected",
        "version": "10.1.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.85",
        "status": "affected",
        "version": "9.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.5.98",
        "status": "affected",
        "version": "8.5.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.0.27",
        "status": "unknown",
        "version": "10.0.0-M1",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
openwall	www.openwall.com/lists/oss-security/2024/03/13/3
security	www.security.netapp.com/advisory/ntap-20240402-0002/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
lists	www.lists.debian.org/debian-lts-announce/2024/04/msg00001.html

29 Oct 2025 12:15Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

EPSS0.6439

SSVC

CWE-20