Web Servers : Apache Tomcat Multiple DoS Vulnerabilities (Mar 2024)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.114427

Kategorie: Web Servers

Titel: Apache Tomcat Multiple DoS Vulnerabilities (Mar 2024) - Linux

Zusammenfassung: Apache Tomcat is prone to multiple denial of service (DoS); vulnerabilities.

Beschreibung: Summary:
Apache Tomcat is prone to multiple denial of service (DoS)
vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2024-23672: WebSocket DoS with incomplete closing handshake

- CVE-2024-24549: HTTP/2 header handling DoS

Affected Software/OS:
Apache Tomcat versions prior to 8.5.99, 9.0.0-M1 through
9.0.85, 10.x through 10.1.18 and 11.0.0-M1 through 11.0.0-M16.

Note: While not explicitly mentioned by the vendor (due to the EOL status of these branches) it is
assumed that the whole 10.x branch and all versions prior to 8.5.x are affected by these flaws. If
you disagree with this assessment and want to accept the risk please create an override for this
result.

Solution:
Update to version 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 or
later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2024-23672
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
http://www.openwall.com/lists/oss-security/2024/03/13/4
Common Vulnerability Exposure (CVE) ID: CVE-2024-24549
https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
http://www.openwall.com/lists/oss-security/2024/03/13/3

Copyright Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.114427
Kategorie:	Web Servers
Titel:	Apache Tomcat Multiple DoS Vulnerabilities (Mar 2024) - Linux
Zusammenfassung:	Apache Tomcat is prone to multiple denial of service (DoS); vulnerabilities.
Beschreibung:	Summary: Apache Tomcat is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2024-23672: WebSocket DoS with incomplete closing handshake - CVE-2024-24549: HTTP/2 header handling DoS Affected Software/OS: Apache Tomcat versions prior to 8.5.99, 9.0.0-M1 through 9.0.85, 10.x through 10.1.18 and 11.0.0-M1 through 11.0.0-M16. Note: While not explicitly mentioned by the vendor (due to the EOL status of these branches) it is assumed that the whole 10.x branch and all versions prior to 8.5.x are affected by these flaws. If you disagree with this assessment and want to accept the risk please create an override for this result. Solution: Update to version 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-23672 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/ https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html http://www.openwall.com/lists/oss-security/2024/03/13/4 Common Vulnerability Exposure (CVE) ID: CVE-2024-24549 https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg http://www.openwall.com/lists/oss-security/2024/03/13/3
Copyright	Copyright (C) 2024 Greenbone AG