CVE-2024-23672

Updated: 2024-06-03 17:19:31.543843

Description:

Denial of service via incomplete cleanup vulnerability in Apache Tomcat. WebSocket clients could keep WebSocket connections open, and because the server did not fully clean up after them, this led to increased resource consumption on the server. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, and from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.
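As an added example (not part of this advisory page, and not code from the Tomcat project), the following Python script checks an installed Tomcat version against the affected ranges quoted in the description. The point it makes is that Tomcat milestone versions (11.0.0-M16, 10.1.0-M1) sort before the GA release with the same number, so a naive string or tuple comparison misclassifies the 11.0.0-M1 through 11.0.0-M16 range. The version.sh output it parses is constructed sample text, and the function and constant names are my own.

```python
import re

# Affected ranges (inclusive) and the fixed-in version per branch, taken from
# the CVE-2024-23672 description. Branches that are not listed (7.0.x, 10.0.x,
# ...) were not assessed upstream, so "unlisted" must not be read as "safe".
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.0-M16", "11.0.0-M17"),
    ("10.1.0-M1", "10.1.18", "10.1.19"),
    ("9.0.0-M1", "9.0.85", "9.0.86"),
    ("8.5.0", "8.5.98", "8.5.99"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
_BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:-M\d+)?)")

# Constructed sample of what `bin/version.sh` prints; not captured from a real host.
SAMPLE_VERSION_OUTPUT = """\
Using CATALINA_BASE:   /opt/tomcat
Server version: Apache Tomcat/9.0.85
Server number:  9.0.85.0
OS Name:        Linux
"""


def parse_version(version):
    """Turn 'major.minor.patch' or 'major.minor.patch-M<n>' into a sortable tuple.

    A milestone (M<n>) precedes the GA release with the same triple, so the
    4th slot is 0 for milestones and 1 for GA, and the 5th slot carries the
    milestone number. Plain string comparison would put 11.0.0-M16 after 11.0.0.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def assess(version):
    """Classify a Tomcat version against CVE-2024-23672.

    Returns ("affected", fixed_in), ("fixed", fixed_in) or ("unlisted", None).
    """
    key = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= key <= parse_version(high):
            return ("affected", fixed)
    for low, high, fixed in AFFECTED_RANGES:
        # Same major.minor branch, but newer than the last affected release.
        if key[:2] == parse_version(low)[:2] and key > parse_version(high):
            return ("fixed", fixed)
    return ("unlisted", None)


def version_from_banner(text):
    """Extract the version from version.sh / catalina.sh output, or None."""
    m = _BANNER_RE.search(text)
    return m.group(1) if m else None


def assess_banner(text):
    """Parse the banner, then classify it; ("unknown", None) if no banner found."""
    version = version_from_banner(text)
    if version is None:
        return ("unknown", None)
    return assess(version)


if __name__ == "__main__":
    for v in ["9.0.85", "9.0.86", "11.0.0-M16", "11.0.0-M17", "10.1.3", "8.5.99", "7.0.76"]:
        print(f"{v:12s} -> {assess(v)}")
    print("sample banner ->", assess_banner(SAMPLE_VERSION_OUTPUT))
```

Two caveats when using this. First, "unlisted" covers branches upstream never assessed; 7.0.76 (the CentOS 7 row in the table below) comes back unlisted because upstream did not patch tomcat7, not because it is clean. Second, distribution packages keep the old upstream number and receive the fix as a backport (Ubuntu 18.04's tomcat9 stays at 9.0.16-3), so for those compare the installed package against the listed errata rather than against the upstream ranges.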


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

CVSS Version 2.x: NONE (0, no v2 score assigned)
CVSS Version 3.x: HIGH (7.5)

Status

OS name           Project name  Version   Score  Severity  Status    Errata                Last updated
CentOS 7 ELS      tomcat        7.0.76    7.5    HIGH      Ignored   -                     2024-06-03 17:19:31
Ubuntu 18.04 ELS  tomcat8       8.5.39-1  7.5    HIGH      Released  CLSA-2024:1732701424  2024-11-27 11:55:16
Ubuntu 18.04 ELS  tomcat9       9.0.16-3  7.5    HIGH      Released  CLSA-2024:1732637149  2024-11-26 11:56:40

Statement (CentOS 7 ELS, tomcat 7.0.76): We have reasoned not to port the fix for this vulnerability since the upstream didn't patch tomcat7 ...