CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

CVSS

No CVSS.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/03/13/4
https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
https://security.netapp.com/advisory/ntap-20240402-0002/

Configurations

No configuration.

History

No history.

Information

Published : 2024-03-13 16:15

Updated : 2024-06-23 09:15

NVD link : CVE-2024-23672

Mitre link : CVE-2024-23672

CVE.ORG link : CVE-2024-23672

JSON object : View

Products Affected

No product.

CWE

CWE-459

Incomplete Cleanup

JSON object

Attach tags to CVE-2024-23672

Attach tags to `CVE-2024-23672`