BIT-tomcat-2024-23672

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2024-23672.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-tomcat-2024-23672
Aliases
Published
2024-04-01T14:18:43.369Z
Modified
2024-05-02T07:52:56.618Z
Summary
[none]
Details

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

References

Affected packages

Bitnami / tomcat

Package

Name
tomcat
Purl
pkg:bitnami/tomcat

Affected ranges

Type
SEMVER
Events
Introduced
8.5.0
Fixed
8.5.99
Introduced
11.0.0
Fixed
11.0.0
Introduced
10.1.0
Fixed
10.1.19
Introduced
9.0.0
Fixed
9.0.86