Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-38286

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

Published

2024-11-07T08:15:13.007

Last Modified

2025-02-11T16:15:56.757

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

Weaknesses

Type: Primary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	tomcat	< 9.0.90	Yes
Application	apache	tomcat	< 10.1.25	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	10.1.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	apache	tomcat	11.0.0	Yes
Application	netapp	ontap_tools	9	Yes
Application	netapp	ontap_tools	10	Yes

References

https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2024/09/23/2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241101-0010/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)