apk package
chainguard/tomcat-9-openjdk-8
pkg:apk/chainguard/tomcat-9-openjdk-8
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38286 | — | < 9.0.112-r0 | 9.0.112-r0 | Nov 7, 2024 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created | ||
| CVE-2024-34750 | — | < 9.0.112-r0 | 9.0.112-r0 | Jul 3, 2024 | Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn | ||
| CVE-2024-23672 | — | < 9.0.86-r0 | 9.0.86-r0 | Mar 13, 2024 | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through | ||
| CVE-2024-24549 | — | < 9.0.86-r0 | 9.0.86-r0 | Mar 13, 2024 | Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha | ||
| CVE-2023-44487 | Hig | 7.5 | KEV | < 9.0.81-r0 | 9.0.81-r0 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
- CVE-2024-38286Nov 7, 2024affected < 9.0.112-r0fixed 9.0.112-r0
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created
- CVE-2024-34750Jul 3, 2024affected < 9.0.112-r0fixed 9.0.112-r0
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn
- CVE-2024-23672Mar 13, 2024affected < 9.0.86-r0fixed 9.0.86-r0
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through
- CVE-2024-24549Mar 13, 2024affected < 9.0.86-r0fixed 9.0.86-r0
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha
- affected < 9.0.81-r0fixed 9.0.81-r0
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.