oss-sec mailing list archives
CVE-2024-54677: Apache Tomcat: DoS in examples web application
From: Mark Thomas <markt () apache org>
Date: Tue, 17 Dec 2024 12:46:54 +0000
Severity: low Affected versions: - Apache Tomcat 11.0.0-M1 through 11.0.1 - Apache Tomcat 10.1.0-M1 through 10.1.33 - Apache Tomcat 9.0.0.M1 through 9.9.97 Description:Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
References: https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n https://tomcat.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-54677
Current thread:
- CVE-2024-54677: Apache Tomcat: DoS in examples web application Mark Thomas (Dec 17)
- Re: CVE-2024-54677: Apache Tomcat: DoS in examples web application Agostino Sarubbo (Dec 17)
- Re: CVE-2024-54677: Apache Tomcat: DoS in examples web application Mark Thomas (Dec 18)
- Re: CVE-2024-54677: Apache Tomcat: DoS in examples web application Agostino Sarubbo (Dec 17)