EUVD-2024-3211

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Apache Tomcat resource allocation vulnerability allows unlimited resource usage and no throttling.

Reporter	Title	Published	Views	Family All 168
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024	26 Nov 202409:40	–	ibm
IBM Security Bulletins	Security Bulletin: due to the use of Apache Tomcat, IBM webMethods developer portal is affected by Multiple Vulnerabilities	30 Sep 202510:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat might affect IBM Storage Defender Copy Data Management.	16 May 202519:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.	23 Jun 202513:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat (CVE-2024-38286)	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Build addresses multiple vulnerabilities.	25 Jun 202511:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.	24 Jun 202506:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Apache Tomcat (CVE-2024-38286)	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tomcat-embed-core	24 Jan 202517:29	–	ibm
AstraLinux	Astra Linux – Vulnerability in Tomcat9	3 May 202623:59	–	astralinux

[
  {
    "enisaIdVendor": [
      {
        "id": "5cbbd7fa-3c24-38d9-aa92-55dd20c1dc13",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "20e3f569-9d84-3d53-ab35-775aa6ada027",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "7.0.92 ≤7.0.109"
      },
      {
        "id": "4abd1dcd-50fd-3ac7-a546-ffdbecde9dd3",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "9.0.13 ≤9.0.89"
      },
      {
        "id": "5db05cba-a3ae-3125-ae9f-d7db5abbc24c",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "11.0.0-M1 ≤11.0.0-M20"
      },
      {
        "id": "ae06a65e-a708-3e9b-8de0-4c0ef34dabdd",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "8.5.35 ≤8.5.100"
      },
      {
        "id": "d27d5324-cfd6-3a61-ad15-a8e7abea7bfb",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": ""
      },
      {
        "id": "f81b573d-9612-3305-bde1-dbf71aa827b9",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "10.1.0-M1 ≤10.1.24"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-38286
github	www.github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
github	www.github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
github	www.github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
github	www.github.com/apache/tomcat
lists	www.lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
security	www.security.netapp.com/advisory/ntap-20241101-0010
openwall	www.openwall.com/lists/oss-security/2024/09/23/2

03 Oct 2025 20:07Current

8.6High risk

Vulners AI Score8.6

CVSS 3.17.5 - 8.6

EPSS0.01702

SSVC

apache tomcat vulnerability allocation of resources unlimited resources no throttling