Lucene search

K
tomcatApache TomcatTOMCAT:A0C1BE19A411D6582E2968BB7DC771B9
HistoryFeb 19, 2024 - 12:00 a.m.

Fixed in Apache Tomcat 9.0.86

2024-02-1900:00:00
Apache Tomcat
tomcat.apache.org
66
apache tomcat
security team
websocket
http/2
resource consumption
vulnerabilities

AI Score

7.1

Confidence

High

EPSS

0

Percentile

14.8%

Important: Denial of Service CVE-2024-23672

It was possible for a WebSocket client to keep a WebSocket connection open leading to increased resource consumption.

This was fixed with commit 52d6650e.

This issue was identified by the Tomcat Security Team on 17 January 2024. The issue was made public on 13 March 2024.

Affects: 9.0.0-M1 to 9.0.85

Important: Denial of Service CVE-2024-24549

When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.

This was fixed with commit 8e03be9f.

This issue was reported to the Tomcat Security Team on 24 January 2024. The issue was made public on 13 March 2024.

Affects: 9.0.0-M1 to 9.0.85

Affected configurations

Vulners
Node
apachetomcatRange9.0.0-M1
OR
apachetomcatRange9.0.85
VendorProductVersionCPE
apachetomcat*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*