CVE-2024-23672


Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.


Published: 2024-03-13T16:15:29.287

Last Modified: 2025-05-19T13:00:05.240

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 6.3 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-459

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | tomcat | < 8.5.99 | Yes |
| Application | apache | tomcat | < 9.0.86 | Yes |
| Application | apache | tomcat | < 10.1.19 | Yes |
| Application | apache | tomcat | 11.0.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Operating System | fedoraproject | fedora | 39 | Yes |
| Operating System | fedoraproject | fedora | 40 | Yes |
