UBUNTU-CVE-2024-23672

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-23672

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-23672.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-23672

Related

Published

2024-03-13T16:15:00Z

Modified

2024-10-24T16:31:57Z

Summary

[none]

Details

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

References

Affected packages

Ubuntu:Pro:14.04:LTS / tomcat6

Package

Name: tomcat6
Purl: pkg:deb/ubuntu/tomcat6?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.37-1

6.0.39-1

6.0.39-1ubuntu0.1

6.0.39-1ubuntu0.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:14.04:LTS / tomcat7

Package

Name: tomcat7
Purl: pkg:deb/ubuntu/tomcat7?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.42-1

7.0.47-1

7.0.50-1

7.0.52-1

7.0.52-1ubuntu0.1

7.0.52-1ubuntu0.3

7.0.52-1ubuntu0.6

7.0.52-1ubuntu0.7

7.0.52-1ubuntu0.8

7.0.52-1ubuntu0.9

7.0.52-1ubuntu0.10

7.0.52-1ubuntu0.11

7.0.52-1ubuntu0.13

7.0.52-1ubuntu0.14

7.0.52-1ubuntu0.15

7.0.52-1ubuntu0.16

7.0.52-1ubuntu0.16+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / tomcat8

Package

Name: tomcat8
Purl: pkg:deb/ubuntu/tomcat8?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.0.26-1

8.0.28-1

8.0.30-1

8.0.32-1

8.0.32-1ubuntu1

8.0.32-1ubuntu1.1

8.0.32-1ubuntu1.2

8.0.32-1ubuntu1.3

8.0.32-1ubuntu1.4

8.0.32-1ubuntu1.5

8.0.32-1ubuntu1.6

8.0.32-1ubuntu1.7

8.0.32-1ubuntu1.8

8.0.32-1ubuntu1.9

8.0.32-1ubuntu1.10

8.0.32-1ubuntu1.11

8.0.32-1ubuntu1.13

8.0.32-1ubuntu1.13+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / tomcat6

Package

Name: tomcat6
Purl: pkg:deb/ubuntu/tomcat6?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.41-4

6.0.45+dfsg-1

6.0.45+dfsg-1ubuntu0.1

6.0.45+dfsg-1ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / tomcat7

Package

Name: tomcat7
Purl: pkg:deb/ubuntu/tomcat7?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.64-1

7.0.68-1

7.0.68-1ubuntu0.1

7.0.68-1ubuntu0.3

7.0.68-1ubuntu0.4

7.0.68-1ubuntu0.4+esm1

7.0.68-1ubuntu0.4+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / tomcat7

Package

Name: tomcat7
Purl: pkg:deb/ubuntu/tomcat7?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.78-1

7.0.78-1ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / tomcat8

Package

Name: tomcat8
Purl: pkg:deb/ubuntu/tomcat8?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.5.21-1ubuntu1

8.5.29-1

8.5.30-1

8.5.30-1ubuntu1

8.5.30-1ubuntu1.2

8.5.30-1ubuntu1.3

8.5.30-1ubuntu1.4

8.5.39-1ubuntu1~18.04.1

8.5.39-1ubuntu1~18.04.2

8.5.39-1ubuntu1~18.04.3

8.5.39-1ubuntu1~18.04.3+esm1

8.5.39-1ubuntu1~18.04.3+esm2

8.5.39-1ubuntu1~18.04.3+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.16-3~18.04.1

9.0.16-3ubuntu0.18.04.1

9.0.16-3ubuntu0.18.04.2

9.0.16-3ubuntu0.18.04.2+esm1

9.0.16-3ubuntu0.18.04.2+esm2

9.0.16-3ubuntu0.18.04.2+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.24-1

9.0.27-1

9.0.31-1

9.0.31-1ubuntu0.1

9.0.31-1ubuntu0.2

9.0.31-1ubuntu0.3

9.0.31-1ubuntu0.4

9.0.31-1ubuntu0.5

9.0.31-1ubuntu0.6

9.0.31-1ubuntu0.7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.43-3

9.0.54-1

9.0.55-1

9.0.58-1

9.0.58-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / tomcat10

Package

Name: tomcat10
Purl: pkg:deb/ubuntu/tomcat10?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.1.16-1

10.1.23-1

10.1.25-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.70-2

9.0.70-2ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / tomcat10

Package

Name: tomcat10
Purl: pkg:deb/ubuntu/tomcat10?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.1.10-1

10.1.14-1

10.1.15-1

10.1.16-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/ubuntu/tomcat9?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.70-1ubuntu1

9.0.70-2

9.0.70-2ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}