- Description
- Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.
- Source
- security@apache.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security@apache.org
- CWE-770
- Hype score
- Not currently trending
Apache Tomcat vulnerability lets Attackers trigger Dos Attack A newly discovered vulnerability in Apache Tomcat, identified as CVE-2024-38286, has raised significant concerns among cybersecurity experts. This flaw allows attackers to trigger a Denial ... https://t.co/VvlKeuKi6A
@SecurityAid
19 Jan 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-38286: HIGH] Apache Tomcat has a vulnerability (CVE-2022-0697) allowing resource allocation exploitation during TLS handshake. Users urged to upgrade to secure versions 11.0.0-M21, 10.1.25, or 9.0.90.#cybersecurity,#vulnerability https://t.co/DTZVxPqWss https://t.co/iqG
@CveFindCom
7 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1F40EB4-1D56-45C7-B083-B1613E63B26C",
"versionEndExcluding": "9.0.90",
"versionStartIncluding": "9.0.13"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F8D202A-1A79-47E5-81AD-A3C4BBB135EB",
"versionEndExcluding": "10.1.25",
"versionStartIncluding": "10.1.1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DCE3576-86BC-4BB8-A5FB-1274744DFD7F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5571F54A-2EAC-41B6-BDA9-7D33CFE97F70"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED30E850-C475-4133-BDE3-74CB3768D787"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0092FB35-3B00-484F-A24D-7828396A4FF6"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3521C81B-37D9-48FC-9540-D0D333B9A4A4"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02A84634-A8F2-4BA9-B9F3-BEF36AEC5480"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECBBC1F1-C86B-40AF-B740-A99F6B27682A"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0495A538-4102-40D0-A35C-0179CFD52A9D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77BA6600-0890-4BA1-B447-EC1746BAB4FD"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*",
"vulnerable": true,
"matchCriteriaId": "C2D814BE-93EC-42EF-88C5-EA7E7DF07BE5"
},
{
"criteria": "cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*",
"vulnerable": true,
"matchCriteriaId": "5333B745-F7A3-46CB-8437-8668DB08CD6F"
}
],
"operator": "OR"
}
]
}
]