BIT-tomcat-2024-23672

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2024-23672.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-tomcat-2024-23672
Aliases
Published
2025-07-17T08:09:47.503Z
Modified
2025-07-17T08:31:17.431Z
Summary
Apache Tomcat: WebSocket DoS with incomplete closing handshake
Details

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
    ]
}
References

Affected packages

Bitnami / tomcat

Package

Name
tomcat
Purl
pkg:bitnami/tomcat

Severity

  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
8.5.0
Fixed
8.5.100
Introduced
10.1.0
Fixed
10.1.19
Introduced
11.0.0
Fixed
11.0.9
Introduced
9.0.0
Fixed
9.0.86