Test ID:	1.3.6.1.4.1.25623.1.0.114428
Category:	Web Servers
Title:	Apache Tomcat Multiple DoS Vulnerabilities (Mar 2024) - Windows
Summary:	Apache Tomcat is prone to multiple denial of service (DoS); vulnerabilities.
Description:	Summary: Apache Tomcat is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2024-23672: WebSocket DoS with incomplete closing handshake - CVE-2024-24549: HTTP/2 header handling DoS Affected Software/OS: Apache Tomcat versions prior to 8.5.99, 9.0.0-M1 through 9.0.85, 10.x through 10.1.18 and 11.0.0-M1 through 11.0.0-M16. Note: While not explicitly mentioned by the vendor (due to the EOL status of these branches) it is assumed that the whole 10.x branch and all versions prior to 8.5.x are affected by these flaws. If you disagree with this assessment and want to accept the risk please create an override for this result. Solution: Update to version 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-23672 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/ https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html http://www.openwall.com/lists/oss-security/2024/03/13/4 Common Vulnerability Exposure (CVE) ID: CVE-2024-24549 https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg http://www.openwall.com/lists/oss-security/2024/03/13/3
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.