Home > Vulnerability Database > CVE-2024-23672

Mend.io Vulnerability Database

CVE-2024-23672

Good to know:

Date: March 13, 2024

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Language: Java

Severity Score

7.5

Related Resources (8)

Url: https://security.netapp.com/advisory/ntap-20240402-0002/

Url: https://security-tracker.debian.org/tracker/CVE-2024-23672

Url: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

Url: http://www.openwall.com/lists/oss-security/2024/03/13/4

Url: https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23672

Url: https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9

Url: https://www.mend.io/vulnerability-database/CVE-2024-23672

Severity Score

7.5

Weakness Type (CWE)

Incomplete Cleanup

CWE-459

Top Fix

Upgrade Version

Upgrade to version org.apache.tomcat:tomcat-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17 ,org.apache.tomcat.embed:tomcat-embed-websocket:8.5.99,9.0.86,10.1.19,11.0.0-M17

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23672

Good to know:

Date: March 13, 2024

Language: Java

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?