BIT-tomcat-2024-23672

Import Source
https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2024-23672.json
Aliases
Published
2024-04-01T14:18:43.369Z
Modified
2024-04-08T20:22:09.293Z
Details

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

References

Affected packages

Bitnami / tomcat

Package

Name
tomcat

Affected ranges

Type
SEMVER
Events
Introduced
8.5.0
Fixed
8.5.99
Introduced
11.0.0
Fixed
11.0.0
Introduced
10.1.0
Fixed
10.1.19
Introduced
9.0.0
Fixed
9.0.86