GHSA-v682-8vv8-vpwr: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
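
As an added example (not part of the advisory or of Apache Tomcat), the following Python checks a version string against the affected ranges listed above, ordering milestone builds (`-Mn`) before the corresponding final release. The optional `Apache Tomcat/` prefix handling and the sample inventory are assumptions constructed for illustration.

```python
import re

# Affected ranges and fixed versions copied from the advisory text above:
# (first affected, last affected, fixed version)
AFFECTED = [
    ("11.0.0-M1", "11.0.0-M16", "11.0.0-M17"),
    ("10.1.0-M1", "10.1.18", "10.1.19"),
    ("9.0.0-M1", "9.0.85", "9.0.86"),
    ("8.5.0", "8.5.98", "8.5.99"),
]

# Assumption: input is "X.Y.Z" or "X.Y.Z-Mn", optionally prefixed "Apache Tomcat/".
_VERSION_RE = re.compile(r"^(?:Apache Tomcat/)?(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def version_key(text):
    """Return a sortable key; a milestone (-Mn) sorts before its final release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def check(version):
    """Return (affected, fixed_version) for one version string."""
    key = version_key(version)
    for low, high, fixed in AFFECTED:
        if version_key(low) <= key <= version_key(high):
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for v in ["Apache Tomcat/9.0.85", "10.1.19", "11.0.0-M16", "8.5.99", "10.1.0"]:
        affected, fixed = check(v)
        status = f"affected, upgrade to {fixed}" if affected else "not in a listed range"
        print(f"{v}: {status}")
```

A `False` result means only that the version is outside the ranges this advisory lists.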

CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat

Moderate severity • GitHub Reviewed • Published Mar 13, 2024 to the GitHub Advisory Database • Updated Mar 14, 2024

Package: org.apache.tomcat:tomcat (Maven)

| Affected versions | Patched versions |
| --- | --- |
| >= 11.0.0-M1, <= 11.0.0-M16 | 11.0.0-M17 |
| >= 10.1.0-M1, <= 10.1.18 | 10.1.19 |
| >= 9.0.0-M1, <= 9.0.85 | 9.0.86 |
| >= 8.5.0, <= 8.5.98 | 8.5.99 |

Description

Published to the GitHub Advisory Database: Mar 13, 2024

Last updated: Mar 14, 2024

Related news

Ubuntu Security Notice USN-7106-1

Ubuntu Security Notice 7106-1 - It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. It was discovered that Tomcat had a vulnerability in its FORM authentication feature, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.

Debian Security Advisory 5665-1

Debian Linux Security Advisory 5665-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.