Incorrect Object Recycling Vulnerability Affects Apache Tomcat Versions

CVE-2024-52317

Currently unrated 🤨

Key Information

Vendor: Apache
Vendor: CVE Published:; 18 November 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-52317
Created by TAM-K592

Timeline

👾
Exploit exists.
Nov 21, 2024
Vulnerability published.
Nov 18, 2024

Collectors

NVD Database1 Proof of Concept(s)