GHSA-653p-vg55-5652

Source

https://github.com/advisories/GHSA-653p-vg55-5652

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-653p-vg55-5652

Aliases

Published

2024-12-17T15:31:43Z

Modified

2024-12-23T19:57:04.044831Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

Apache Tomcat Uncontrolled Resource Consumption vulnerability

Details

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.

Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Database specific

{
    "nvd_published_at": "2024-12-17T13:15:18Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-17T16:41:30Z"
}

References

Affected packages

Maven / org.apache.tomcat:tomcat-catalina

Package

Name: org.apache.tomcat:tomcat-catalina; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat-catalina

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.0.0-M1

Fixed

11.0.2

Affected versions

11.*

11.0.0-M1

11.0.0-M3

11.0.0-M4

11.0.0-M5

11.0.0-M6

11.0.0-M7

11.0.0-M9

11.0.0-M10

11.0.0-M11

11.0.0-M12

11.0.0-M13

11.0.0-M14

11.0.0-M15

11.0.0-M16

11.0.0-M17

11.0.0-M18

11.0.0-M19

11.0.0-M20

11.0.0-M21

11.0.0-M22

11.0.0-M24

11.0.0-M25

11.0.0-M26

11.0.0

11.0.1

Maven / org.apache.tomcat:tomcat-catalina

Package

Name: org.apache.tomcat:tomcat-catalina; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat-catalina

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.1.0-M1

Fixed

10.1.34

Affected versions

10.*

10.1.0-M1

10.1.0-M2

10.1.0-M4

10.1.0-M5

10.1.0-M6

10.1.0-M7

10.1.0-M8

10.1.0-M10

10.1.0-M11

10.1.0-M12

10.1.0-M14

10.1.0-M15

10.1.0-M16

10.1.0-M17

10.1.0

10.1.1

10.1.2

10.1.4

10.1.5

10.1.6

10.1.7

10.1.8

10.1.9

10.1.10

10.1.11

10.1.12

10.1.13

10.1.14

10.1.15

10.1.16

10.1.17

10.1.18

10.1.19

10.1.20

10.1.23

10.1.24

10.1.25

10.1.26

10.1.28

10.1.29

10.1.30

10.1.31

10.1.33

Maven / org.apache.tomcat:tomcat-catalina

Package

Name: org.apache.tomcat:tomcat-catalina; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat-catalina

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0.M1

Fixed

9.0.98

Affected versions

9.*

9.0.0.M1

9.0.0.M3

9.0.0.M4

9.0.0.M6

9.0.0.M8

9.0.0.M9

9.0.0.M10

9.0.0.M11

9.0.0.M13

9.0.0.M15

9.0.0.M17

9.0.0.M18

9.0.0.M19

9.0.0.M20

9.0.0.M21

9.0.0.M22

9.0.0.M25

9.0.0.M26

9.0.0.M27

9.0.1

9.0.2

9.0.4

9.0.5

9.0.6

9.0.7

9.0.8

9.0.10

9.0.11

9.0.12

9.0.13

9.0.14

9.0.16

9.0.17

9.0.19

9.0.20

9.0.21

9.0.22

9.0.24

9.0.26

9.0.27

9.0.29

9.0.30

9.0.31

9.0.33

9.0.34

9.0.35

9.0.36

9.0.37

9.0.38

9.0.39

9.0.40

9.0.41

9.0.43

9.0.44

9.0.45

9.0.46

9.0.48

9.0.50

9.0.52

9.0.53

9.0.54

9.0.55

9.0.56

9.0.58

9.0.59

9.0.60

9.0.62

9.0.63

9.0.64

9.0.65

9.0.67

9.0.68

9.0.69

9.0.70

9.0.71

9.0.72

9.0.73

9.0.74

9.0.75

9.0.76

9.0.78

9.0.79

9.0.80

9.0.81

9.0.82

9.0.83

9.0.84

9.0.85

9.0.86

9.0.87

9.0.88

9.0.89

9.0.90

9.0.91

9.0.93

9.0.94

9.0.95

9.0.96

9.0.97