Allocation of Resources Without Limits or Throttling Vulnerability Affects Multiple Apache Tomcat Versions
CVE-2024-38286

8.6 HIGH

Key Information:

Vendor: Apache

CVE Published: 7 November 2024

Badges

📰 News Worthy

Summary

An allocation-of-resources-without-limits vulnerability exists in the TLS handshake handling of Apache Tomcat. An attacker can abuse the handshake to drive the JVM into an OutOfMemoryError under certain configurations on any platform, causing a denial of service. The issue affects several Apache Tomcat release lines; users should update to the fixed versions 11.0.0-M21, 10.1.25, or 9.0.90 to mitigate the risk. Older, end-of-life versions may also be affected.

Affected Version(s)

Apache Tomcat 11.0.0-M1 through 11.0.0-M20 (inclusive)

Apache Tomcat 10.1.0-M1 through 10.1.24 (inclusive)

Apache Tomcat 9.0.13 through 9.0.89 (inclusive)

News Articles

Apache Tomcat Vulnerability Lets Attackers Trigger DoS Attack

An Apache Tomcat vulnerability, identified as CVE-2024-38286, has raised significant concerns among cybersecurity experts.

4 months ago

References

CVSS v3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability reserved

Credit

Ozaki, North Grid Corporation.