Vulnerability DatabaseCVE-2024-52317
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-52317
November 18, 2024
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.
Related Resources (9)
https://github.com/apache/tomcat/commit/9e840ccacb40881c03a03b1e0746bfba7369b3bd
https://nvd.nist.gov/vuln/detail/CVE-2024-52317
https://security.netapp.com/advisory/ntap-20250124-0004
https://github.com/apache/tomcat
https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs
https://github.com/apache/tomcat/commit/146f94f87ea398fb592c7a20a5ccbef95e9dd72b
https://security.netapp.com/advisory/ntap-20250124-0004/
http://www.openwall.com/lists/oss-security/2024/11/18/3
https://github.com/apache/tomcat/commit/47307ee27abcdea2ee40e33897aca760083de46a
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Inadequate Encryption Strength
CWE-326
EPSS
Base Score:
16.65