Lucene search

CVE-2024-24549

🗓️ 13 Mar 2024 16:29:15Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 23 Media mentions👁 210 Views🌐 WEB

Denial of Service vulnerability in Apache Tomcat due to improper input validation for HTTP/2 requests. Upgrading to fixed versions recommended

Reporter	Title	Published	Views	Family All 136
OSV	CGA-G7H3-55HG-6WRJ	6 Jun 202412:27	–	osv
OSV	BIT-tomcat-2024-24549	1 Apr 202414:18	–	osv
OSV	CGA-MR75-947F-R7WP	6 Jun 202412:28	–	osv
OSV	Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests	13 Mar 202418:31	–	osv
OSV	CGA-G2X6-G84W-C6FQ	6 Jun 202412:25	–	osv
OSV	RLSA-2024:3666 Important: tomcat security and bug fix update	14 Jun 202413:59	–	osv
OSV	RHSA-2024:3814 Red Hat Security Advisory: tomcat security and bug fix update	16 Sep 202418:43	–	osv
OSV	RHSA-2024:3308 Red Hat Security Advisory: tomcat security and bug fix update	16 Sep 202418:43	–	osv
OSV	OPENSUSE-SU-2024:13832-1 tomcat-9.0.87-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	ALSA-2024:3666 Important: tomcat security and bug fix update	6 Jun 202400:00	–	osv

Vulners

Node

apache_tomcat apache_tomcatRange11.0.0-M1–11.0.0-M16

apache_tomcat apache_tomcatRange10.1.0-M1–10.1.18

apache_tomcat apache_tomcatRange9.0.0-M1–9.0.85

apache_tomcat apache_tomcatRange8.5.0–8.5.98

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.0-M16",
        "status": "affected",
        "version": "11.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.18",
        "status": "affected",
        "version": "10.1.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.85",
        "status": "affected",
        "version": "9.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.5.98",
        "status": "affected",
        "version": "8.5.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
lists	www.lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
openwall	www.openwall.com/lists/oss-security/2024/03/13/3
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
security	www.security.netapp.com/advisory/ntap-20240402-0002/
lists	www.lists.debian.org/debian-lts-announce/2024/04/msg00001.html

Parameter	Position	Path	Description	CWE
Content-Type	request body	/	Denial of Service vulnerability in Apache Tomcat due to oversized header values in HTTP/2 requests.	CWE-20
X-Test-Header	request body	/	Denial of Service vulnerability in Apache Tomcat due to oversized header values in HTTP/2 requests.	CWE-20

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Mar 2024 16:15Current

7.9High risk

Vulners AI Score7.9

CVSS37.5

EPSS0.00045

SSVC

CWE-20