Fixed in Apache Tomcat 11.0.0-M17

Apache Tomcat (tomcat.apache.org), published 19 February 2024
Vulners bulletin ID: TOMCAT:82BA0DC40ABA6C528A36EA786196208A

Important: Denial of Service CVE-2024-23672

It was possible for a WebSocket client to keep a WebSocket connection open, leading to increased resource consumption on the server.

This was fixed with commit b0e3b1bd.

This issue was identified by the Tomcat Security Team on 17 January 2024. The issue was made public on 13 March 2024.

Affects: 11.0.0-M1 to 11.0.0-M16

Important: Denial of Service CVE-2024-24549

When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed, so the server continued to spend resources on a request it would ultimately reject.

This was fixed with commit 810f49d5.

This issue was reported to the Tomcat Security Team on 24 January 2024. The issue was made public on 13 March 2024.

Affects: 11.0.0-M1 to 11.0.0-M16

Affected configurations

Vendor: apache
Product: tomcat
Version range: 11.0.0-M1 to 11.0.0-M16 (inclusive)
CPE: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*