Lucene search
ApacheVULNRICHMENT:CVE-2024-34750HistoryJul 03, 2024 - 7:32 p.m.
CVE-2024-34750 Apache Tomcat: HTTP/2 excess header handling DoS
2024-07-0319:32:34
CWE-755
CWE-400
apache
github.com
12
apache tomcat
http/2
header handling
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Tomcat",
"versions": [
{
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver",
"lessThanOrEqual": "11.0.0-M20"
},
{
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver",
"lessThanOrEqual": "10.1.24"
},
{
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver",
"lessThanOrEqual": "9.0.89"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "tomcat",
"versions": [
{
"status": "affected",
"version": "9.0.0-m1",
"versionType": "semver",
"lessThanOrEqual": "9.0.89"
},
{
"status": "affected",
"version": "10.1.0-m1",
"versionType": "semver",
"lessThanOrEqual": "10.1.24"
},
{
"status": "affected",
"version": "11.0.0-m1",
"versionType": "semver",
"lessThanOrEqual": "11.0.0-m20"
}
],
"defaultStatus": "unaffected"
}
]Related
nessus
nessus
RHEL 9 : tomcat (RHSA-2024:5693)
2024-08-21 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2024:2413-1)
2024-07-12 00:00:00
Apache Tomcat 9.0.0.M1 < 9.0.90
2024-07-03 00:00:00
osv
osv
Important: tomcat security update
2024-08-21 00:00:00
CVE-2024-34750
2024-07-03 20:15:00
Important: tomcat security update
2024-08-21 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2485-1)
2024-07-16 00:00:00
Apache Tomcat DoS Vulnerability (Jul 2024) - Windows
2024-07-04 00:00:00
Mageia: Security Advisory (MGASA-2024-0267)
2024-07-16 00:00:00
almalinux
almalinux
Important: tomcat security update
2024-08-21 00:00:00
Important: tomcat security update
2024-08-21 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 10.1.25
2024-06-19 00:00:00
Fixed in Apache Tomcat 11.0.0-M21
2024-06-18 00:00:00
Fixed in Apache Tomcat 9.0.90
2024-06-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2024-07-04 11:45:19
ubuntucve
ubuntucve
CVE-2024-34750
2024-07-03 00:00:00
nvd
nvd
CVE-2024-34750
2024-07-03 20:15:04
cvelist
cvelist
CVE-2024-34750 Apache Tomcat: HTTP/2 excess header handling DoS
2024-07-03 19:32:34
cve
cve
CVE-2024-34750
2024-07-03 20:15:04
hackerone
hackerone
github
github
Apache Tomcat - Denial of Service
2024-07-03 21:39:44
redos
redos
ROS-20240827-11
2024-08-27 00:00:00
redhat
redhat
(RHSA-2024:5693) Important: tomcat security update
2024-08-21 11:10:23
(RHSA-2024:5694) Important: tomcat security update
2024-08-21 11:10:30
(RHSA-2024:5695) Important: tomcat security update
2024-08-21 11:10:36
redhatcve
redhatcve
CVE-2024-34750
2024-07-03 23:20:39
oraclelinux
oraclelinux
tomcat security update
2024-08-21 00:00:00
tomcat security update
2024-08-21 00:00:00
atlassian
atlassian
kaspersky
kaspersky
KLA70302 SB vulnerability in Apache Tomcat
2024-07-03 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2024-07-15 19:54:48
ibm
ibm
debiancve
debiancve
CVE-2024-34750
2024-07-03 20:15:04
f5
f5
K000140303: Apache Tomcat vulnerability CVE-2024-34750
2024-07-11 00:00:00
wolfi
wolfi
CVE-2024-34750 vulnerabilities
2024-09-12 21:14:46
AI Score
6.8
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-34750