CVE-2024-23672

CVSS V2 None CVSS V3 None

Description

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Overview

CVE ID
CVE-2024-23672

Assigner
apache

Vulnerability Status
PUBLISHED

Published Version
2024-03-13T15:48:42.610Z

Last Modified Date
2024-03-13T15:48:42.610Z

Weakness Enumerations

CWE	URL
CWE-459	http://cwe.mitre.org/data/definitions/459.html

References

Reference URL	Reference Tags
https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f	vendor-advisory
https://security.netapp.com/advisory/ntap-20240402-0002/
https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
http://www.openwall.com/lists/oss-security/2024/03/13/4
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-23672
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23672

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 07:17:23				Added to TrackCVE