
CVE-2024-23672

Published: 13/03/2024 Updated: 06/04/2024

Vulnerability Summary

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 up to and including 11.0.0-M16, from 10.1.0-M1 up to and including 10.1.18, from 9.0.0-M1 up to and including 9.0.85, from 8.5.0 up to and including 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.

Vendor Advisories

Debian Bug report logs - #1066877 tomcat10: CVE-2024-23672 Package: src:tomcat10; Maintainer for src:tomcat10 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 14 Mar 2024 19:57:01 UTC Severity: important Tags: security, upstrea ...
Description: This CVE is under investigation by Red Hat Product Security ...
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. User ...

Mailing Lists

oss-sec mailing list archives: CVE-2024-23672: Apache Tomcat: WebSocket DoS with incomplete closing handshake ...