Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-23672
HistoryMar 13, 2024 - 12:00 a.m.

CVE-2024-23672

2024-03-1300:00:00
ubuntu.com
ubuntu.com
38
denial of service
apache tomcat
websocket
vulnerability
cve-2024-23672
upgrade
resource consumption
unix

EPSS

0

Percentile

10.4%

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It
was possible for WebSocket clients to keep WebSocket connections open
leading to increased resource consumption.This issue affects Apache Tomcat:
from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from
9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended
to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the
issue.