CVE-2024-34750
CVSS V2 None
CVSS V3 None
Description
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
Overview
- CVE ID
- CVE-2024-34750
- Assigner
- apache
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-03T19:32:34.695Z
- Last Modified Date
- 2024-07-03T19:32:34.695Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-34750 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-07-04 13:11:46 | Added to TrackCVE |