Uncontrolled Resource Consumption in Apache Tomcat Affects Performance
CVE-2024-54677

5.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Tomcat
Vendor: CVE Published:; 17 December 2024

What is CVE-2024-54677?

The uncontrolled resource consumption vulnerability found in the examples web application of Apache Tomcat allows attackers to potentially exhaust server resources, leading to a denial of service. This affects multiple versions of Apache Tomcat, including those as recent as 11.0.1. To mitigate this issue, users are strongly encouraged to upgrade to the patched versions 11.0.2, 10.1.34, or 9.0.98 as soon as possible.

Affected Version(s)

Apache Tomcat 11.0.0-M1 <= 11.0.1

Apache Tomcat 10.1.0-M1 <= 10.1.33

Apache Tomcat 9.0.0.M1 <= 9.0.97

References

https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9cc...

vendor-advisory

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2024