74 matches found
ROOT-APP-MAVEN-CVE-2024-23672 CVE-2024-23672 in io.root.org.apache.tomcat.embed:tomcat-embed-websocket - Patched by Root
Root has patched CVE-2024-23672 in the io.root.org.apache.tomcat.embed:tomcat-embed-websocket package for Root:Maven. Multiple fixed versions available...
CVE-2026-23672
creationtimestamp | type | source
---|---|---
2026-03-10 16:57:37+00:00 | seen | https://www.thezdi.com/blog/2026/3/10/the-march-2026-security-update-review
2026-03-10 19:07:55+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2026-0080
2026-03-11 03:00:16+00:00 | seen | ...
MiracleLinux 9 : tomcat-9.0.87-1.el9_4.1 (AXSA:2024-8150:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8150:07 advisory. Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549); Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672). Bug Fixes and...
MiracleLinux 8 : tomcat-9.0.87-1.el8_10.1.ML.1 (AXSA:2024-8475:09)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8475:09 advisory. Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549); Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672). Bug Fixes:...
TencentOS Server 4: tomcat (TSSA-2024:0429)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0429 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2023-23672
Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP. This issue affects GiveWP: from n/a through 2.25.1...
CLSA-2025-1740230558 tomcat: Fix of CVE-2024-23672
CVE-2024-23672: fix incomplete cleanup vulnerability to prevent Denial of Service...
CVE-2025-23672
creationtimestamp | type | source
---|---|---
2025-01-22 15:19:46+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo52j2hj2j...
CVE-2025-23672
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tenteeglobal Instant Appointment instant-appointment allows Reflected XSS. This issue affects Instant Appointment: from n/a through = 1.2...
CVE-2025-23672
CVE-2025-23672 is a reflected XSS vulnerability in Instant Appointment (NotFound Instant Appointment) affecting versions up to 1.2. The issue arises from improper input neutralization during web page generation. The CVE entry notes Reflected XSS; connected Red Hat and Wordfence references corrobo...
CVE-2025-23672 WordPress Instant Appointment plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tenteeglobal Instant Appointment instant-appointment allows Reflected XSS. This issue affects Instant Appointment: from n/a through = 1.2...
CVE-2023-23672
creationtimestamp | type | source
---|---|---
2025-01-02 16:15:31+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lerhwbbtcv2a
2025-01-02 16:52:03+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lerjxlh6ao2q
2025-01-02 17:36:35+00:00 | seen | ...
CVE-2023-23672
Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP. This issue affects GiveWP: from n/a through 2.25.1...
CVE-2023-23672 WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP. This issue affects GiveWP: from n/a through 2.25.1...
CLSA-2024-1732637149 Fix CVE(s): CVE-2024-23672
SECURITY UPDATE: Denial of Service vulnerability - debian/patches/CVE-2024-23672.patch: refactor WebSocket close for suspend/resume to ensure WebSocket connection closure completes - CVE-2024-23672...
Important: tomcat8
Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...
Amazon Linux AMI : tomcat8 (ALAS-2024-1941)
The version of tomcat8 installed on the remote host is prior to 8.5.99-1.97. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1941 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep...
RLSA-2024:3666 Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549); Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672). Bug Fixes: Rebase tomcat to version 9.0.87...
Rocky Linux 8 : tomcat (RLSA-2024:3666)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3666 advisory. Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549); Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672). Bug Fixes: Rebase...
Rocky Linux 9 : tomcat (RLSA-2024:3307)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3307 advisory. Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549); Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672). Bug Fixes and...