BIT-tomcat-2024-23672

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2024-23672.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-tomcat-2024-23672

Aliases

CVE-2024-23672
GHSA-v682-8vv8-vpwr

Published

2024-04-01T14:18:43.369Z

Modified

2024-05-02T07:52:56.618Z

Summary

[none]

Details

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Affected ranges

Type: SEMVER
Events: Introduced

8.5.0

Fixed

8.5.99

Introduced

11.0.0

Fixed

11.0.0

Introduced

10.1.0

Fixed

10.1.19

Introduced

9.0.0

Fixed

9.0.86