CVE-2024-34750

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-34750
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34750.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-34750
Aliases
Downstream
Related
Published
2024-07-03T20:15:04.083Z
Modified
2026-04-02T11:59:47.454633Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.

The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Introduced
16bf392c67833ad549733b58c350ff92b5ee782a
Fixed
65977c7d1da9b6016e2b19de06c3be7373f40859
Introduced
e9d17cddc285615807ec5fef09240777436b25dc
Fixed
a0038178b617423537dc66b2f516c53da7093421
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
59c81e30e2f64f5e8c1db78c4860c51850dfb0bd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
06d0e42e6cd70aae860f164c27d16bdfdfcdc496
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ae109f6248e00a1952f706d6941ff930ad4466e1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5a67c7c58d8caf24969093e6423b7f0b43df2f6a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
de45b3f200602b98cde70debe7f656bef0bb5fa2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9108a1f6776f7211f5cd27e80b7b5a6e98116b01
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a22029c7147b83e4fbced16add744903245d1147
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ca6ea22e9b6c47df1db85e9af80f80431c3ea19e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
110bc36637569f7e9d191d21ac8600a8667cfc94
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
eee0dbb29048a60ee2c85ebcb9abb1750046c0bf
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
19e301275f23056e3c46ab296c87cf6e16fbe68f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4b03c23ad60e678c1d1a85df815fb6cd8d14ca67
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c400bf727cbc10198d3f52c29849d18660050b0c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8afe2647d7801172cc304f4a47d8aad9646d2985
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3b6de549bdf4f6486c39daa0ae8e4d4b7475b1f6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
06977fbea3c82c3d29e544203983dd3b49a632f1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9ce010463a93138d596c54c67b11cdb35fc8244a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
eb9d5f0b70a1b84fa18af30eaf358cfa9e4b87ae
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
434400d882a20e12ea03855f4bd93451bd3362c6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
de714a23642a4d0baef342db6762a7f7a550d82c
Database specific 
{
    "versions": [
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.0.90"
        },
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.25"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone9"
        }
    ]
}

Affected versions

10.*
10.0.0
10.0.0-M1
10.0.0-M10
10.0.0-M2
10.0.0-M3
10.0.0-M4
10.0.0-M5
10.0.0-M6
10.0.0-M7
10.0.0-M8
10.0.0-M9
10.0.0.0-M1
10.0.1
10.0.10
10.0.11
10.0.12
10.0.13
10.0.14
10.0.15
10.0.16
10.0.17
10.0.18
10.0.19
10.0.2
10.0.20
10.0.21
10.0.22
10.0.23
10.0.24
10.0.25
10.0.26
10.0.27
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.1.0
10.1.0-M1
10.1.0-M10
10.1.0-M11
10.1.0-M12
10.1.0-M13
10.1.0-M14
10.1.0-M15
10.1.0-M16
10.1.0-M17
10.1.0-M18
10.1.0-M19
10.1.0-M2
10.1.0-M20
10.1.0-M3
10.1.0-M4
10.1.0-M5
10.1.0-M6
10.1.0-M7
10.1.0-M8
10.1.0-M9
10.1.1
10.1.10
10.1.11
10.1.12
10.1.13
10.1.14
10.1.15
10.1.16
10.1.17
10.1.18
10.1.19
10.1.2
10.1.20
10.1.22
10.1.23
10.1.24
10.1.26
10.1.27
10.1.28
10.1.29
10.1.3
10.1.30
10.1.31
10.1.32
10.1.33
10.1.34
10.1.35
10.1.36
10.1.37
10.1.38
10.1.39
10.1.4
10.1.40
10.1.41
10.1.42
10.1.43
10.1.44
10.1.45
10.1.46
10.1.47
10.1.48
10.1.49
10.1.5
10.1.50
10.1.51
10.1.52
10.1.6
10.1.7
10.1.8
10.1.9
11.*
11.0.0
11.0.0-M1
11.0.0-M10
11.0.0-M11
11.0.0-M12
11.0.0-M13
11.0.0-M14
11.0.0-M15
11.0.0-M16
11.0.0-M17
11.0.0-M18
11.0.0-M19
11.0.0-M2
11.0.0-M20
11.0.0-M21
11.0.0-M22
11.0.0-M23
11.0.0-M24
11.0.0-M25
11.0.0-M26
11.0.0-M3
11.0.0-M4
11.0.0-M5
11.0.0-M6
11.0.0-M7
11.0.0-M8
11.0.0-M9
11.0.1
11.0.10
11.0.11
11.0.12
11.0.13
11.0.14
11.0.15
11.0.16
11.0.17
11.0.18
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
11.0.8
11.0.9
7.*
7.0.10
7.0.100
7.0.101
7.0.102
7.0.103
7.0.104
7.0.105
7.0.106
7.0.107
7.0.108
7.0.109
7.0.11
7.0.12
7.0.13
7.0.14
7.0.15
7.0.16
7.0.17
7.0.18
7.0.19
7.0.20
7.0.21
7.0.22
7.0.23
7.0.24
7.0.25
7.0.26
7.0.27
7.0.28
7.0.29
7.0.30
7.0.31
7.0.32
7.0.33
7.0.34
7.0.35
7.0.36
7.0.37
7.0.38
7.0.39
7.0.40
7.0.41
7.0.42
7.0.43
7.0.44
7.0.45
7.0.46
7.0.47
7.0.48
7.0.49
7.0.50
7.0.51
7.0.52
7.0.53
7.0.54
7.0.55
7.0.56
7.0.57
7.0.58
7.0.59
7.0.60
7.0.61
7.0.62
7.0.63
7.0.64
7.0.65
7.0.66
7.0.67
7.0.68
7.0.69
7.0.7
7.0.70
7.0.71
7.0.72
7.0.73
7.0.74
7.0.75
7.0.76
7.0.77
7.0.78
7.0.79
7.0.8
7.0.80
7.0.81
7.0.82
7.0.83
7.0.84
7.0.85
7.0.86
7.0.87
7.0.88
7.0.89
7.0.9
7.0.90
7.0.91
7.0.92
7.0.93
7.0.94
7.0.95
7.0.96
7.0.97
7.0.98
7.0.99
8.*
8.5.0
8.5.1
8.5.10
8.5.100
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.17
8.5.18
8.5.19
8.5.2
8.5.20
8.5.21
8.5.22
8.5.23
8.5.24
8.5.25
8.5.26
8.5.27
8.5.28
8.5.29
8.5.3
8.5.30
8.5.31
8.5.32
8.5.33
8.5.34
8.5.35
8.5.36
8.5.37
8.5.38
8.5.39
8.5.4
8.5.40
8.5.41
8.5.42
8.5.43
8.5.44
8.5.45
8.5.46
8.5.47
8.5.48
8.5.49
8.5.5
8.5.50
8.5.51
8.5.52
8.5.53
8.5.54
8.5.55
8.5.56
8.5.57
8.5.58
8.5.59
8.5.6
8.5.60
8.5.61
8.5.62
8.5.63
8.5.64
8.5.65
8.5.66
8.5.67
8.5.68
8.5.69
8.5.7
8.5.70
8.5.71
8.5.72
8.5.73
8.5.74
8.5.75
8.5.76
8.5.77
8.5.78
8.5.79
8.5.8
8.5.80
8.5.81
8.5.82
8.5.83
8.5.84
8.5.85
8.5.86
8.5.87
8.5.88
8.5.89
8.5.9
8.5.90
8.5.91
8.5.92
8.5.93
8.5.94
8.5.95
8.5.96
8.5.97
8.5.98
8.5.99
9.*
9.0.0
9.0.0-M1
9.0.0-M10
9.0.0-M11
9.0.0-M12
9.0.0-M13
9.0.0-M14
9.0.0-M15
9.0.0-M16
9.0.0-M17
9.0.0-M18
9.0.0-M19
9.0.0-M2
9.0.0-M20
9.0.0-M21
9.0.0-M22
9.0.0-M23
9.0.0-M24
9.0.0-M25
9.0.0-M26
9.0.0-M27
9.0.0-M3
9.0.0-M4
9.0.0-M5
9.0.0-M6
9.0.0-M7
9.0.0-M8
9.0.0-M9
9.0.1
9.0.10
9.0.100
9.0.101
9.0.102
9.0.103
9.0.104
9.0.105
9.0.106
9.0.107
9.0.108
9.0.109
9.0.11
9.0.110
9.0.111
9.0.112
9.0.113
9.0.114
9.0.115
9.0.12
9.0.13
9.0.14
9.0.15
9.0.16
9.0.17
9.0.18
9.0.19
9.0.2
9.0.20
9.0.21
9.0.22
9.0.23
9.0.24
9.0.25
9.0.26
9.0.27
9.0.28
9.0.29
9.0.3
9.0.30
9.0.31
9.0.32
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.4
9.0.40
9.0.41
9.0.42
9.0.43
9.0.44
9.0.45
9.0.46
9.0.47
9.0.48
9.0.49
9.0.5
9.0.50
9.0.51
9.0.52
9.0.53
9.0.54
9.0.55
9.0.56
9.0.57
9.0.58
9.0.59
9.0.6
9.0.60
9.0.61
9.0.62
9.0.63
9.0.64
9.0.65
9.0.66
9.0.67
9.0.68
9.0.69
9.0.7
9.0.70
9.0.71
9.0.72
9.0.73
9.0.74
9.0.75
9.0.76
9.0.77
9.0.78
9.0.79
9.0.8
9.0.80
9.0.81
9.0.82
9.0.83
9.0.84
9.0.85
9.0.86
9.0.87
9.0.88
9.0.89
9.0.9
9.0.91
9.0.92
9.0.93
9.0.94
9.0.95
9.0.96
9.0.97
9.0.98
9.0.99

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34750.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9"
            }
        ]
    }
]