BIT-tomcat-2024-38286

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2024-38286.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-tomcat-2024-38286
Aliases
Published
2024-11-09T07:20:25.873Z
Modified
2024-11-27T19:40:48.342Z
Summary
[none]
Details

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

Database specific
{
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / tomcat

Package

Name
tomcat
Purl
pkg:bitnami/tomcat

Severity

  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
11.0.0-M1
Fixed
11.0.0-M21
Introduced
10.1.0-M1
Fixed
10.1.25
Introduced
9.0.13
Fixed
9.0.90