apk package

wolfi/tomcat-9

pkg:apk/wolfi/tomcat-9

Vulnerabilities (3)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2024-23672		—		< 9.0.86-r0	9.0.86-r0	Mar 13, 2024	Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through
CVE-2024-24549		—		< 9.0.86-r0	9.0.86-r0	Mar 13, 2024	Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha
CVE-2023-44487	Hig	7.5	KEV	< 9.0.81-r0	9.0.81-r0	Oct 10, 2023	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2024-23672Mar 13, 2024
affected < 9.0.86-r0fixed 9.0.86-r0
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through
CVE-2024-24549Mar 13, 2024
affected < 9.0.86-r0fixed 9.0.86-r0
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha
CVE-2023-44487HigKEVOct 10, 2023
affected < 9.0.81-r0fixed 9.0.81-r0
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.