Tomcat@11.0.0 Security Vulnerabilities and Issues — Tomcat@11.0.0 CVE List

Lucene search

ApacheTomcat11.0.0

7 matches found

CVE•added 2024/03/13 4:15 p.m.•631 views

CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0...

6.3CVSS7.2AI score0.00425EPSS

CVE•added 2024/03/13 4:15 p.m.•358 views

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.Th...

7.5CVSS7.9AI score0.52453EPSS

CVE•added 2024/07/03 8:15 p.m.•353 views

CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of a...

7.5CVSS7.8AI score0.19663EPSS

CVE•added 2024/11/18 12:15 p.m.•339 views

CVE-2024-52316

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the au...

9.8CVSS9.5AI score0.00573EPSS

CVE•added 2024/11/07 8:15 a.m.•276 views

CVE-2024-38286

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to...

8.6CVSS7.5AI score0.00804EPSS

CVE•added 2024/11/18 12:15 p.m.•149 views

CVE-2024-52317

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requestscould lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.3...

6.5CVSS6.4AI score0.03805EPSS

CVE•added 2024/11/18 1:15 p.m.•141 views

CVE-2024-52318

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

6.1CVSS6.2AI score0.01518EPSS