IM
IronMonkey Threat Research

CVE-2024-54677 MEDIUM

Published: 2024-12-17 | Last Modified: 2025-11-03 | Status: Modified

Description

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Additional Descriptions (1)

La vulnerabilidad de consumo descontrolado de recursos en la aplicación web de ejemplo proporcionada con Apache Tomcat provoca una denegación de servicio. Este problema afecta a Apache Tomcat: desde 11.0.0-M1 hasta 11.0.1, desde 10.1.0-M1 hasta 10.1.33, desde 9.0.0.M1 hasta 9.9.97. Se recomienda a los usuarios que actualicen a la versión 11.0.2, 10.1.34 o 9.0.98, que soluciona el problema.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactLOW

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 3.9

Impact Score: 1.4

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-400

Affected Products

Vendor Product Version Update Type
apache tomcat * <built-in method update of dict object at 0x75d828aac2c0> Application
apache tomcat * <built-in method update of dict object at 0x75d828aae180> Application
apache tomcat * <built-in method update of dict object at 0x75d819382480> Application
netapp bootstrap_os - <built-in method update of dict object at 0x75d819e9bb40> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

References

Notification
Message here