REDHAT-BUG-2295651
First published: Wed Jul 03 2024(Updated: )
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tomcat | >=11.0.0-M1<11.0.0-M20 | |
| Tomcat | >=10.1.0-M1<10.1.24 | |
| Tomcat | >=9.0.0-M1<9.0.89 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:5025
- https://access.redhat.com/errata/RHSA-2024:5024
- https://access.redhat.com/errata/RHSA-2024:4977
- https://access.redhat.com/errata/RHSA-2024:4976
- https://access.redhat.com/errata/RHSA-2024:5694
- https://access.redhat.com/errata/RHSA-2024:5695
- https://access.redhat.com/errata/RHSA-2024:5693
- https://access.redhat.com/errata/RHSA-2024:5696
- https://block-blast.io
- https://smashy-road.io
- https://history-spot.com
- https://football-bros.io
- https://leveldevil2.com
- https://copyemojies.com
- https://blockblast-online.io/
- https://tiktokpromod.com/
- https://escaperoad2.io
- https://bugzilla.redhat.com/show_bug.cgi?id=2295651
Frequently Asked Questions
What is the severity of REDHAT-BUG-2295651?
The severity of REDHAT-BUG-2295651 is categorized as moderate.
How do I fix REDHAT-BUG-2295651?
To fix REDHAT-BUG-2295651, upgrade to the latest patched version of Apache Tomcat as recommended in the errata.
What versions of Apache Tomcat are affected by REDHAT-BUG-2295651?
Affected versions include Apache Tomcat from 9.0.0-M1 to 9.0.89, 10.1.0-M1 to 10.1.24, and 11.0.0-M1 to 11.0.0-M20.
What kind of vulnerability is REDHAT-BUG-2295651?
REDHAT-BUG-2295651 is classified as an Improper Handling of Exceptional Conditions vulnerability, leading to potential resource exhaustion.
What risks are posed by REDHAT-BUG-2295651?
The risks include the possibility of excessive resource consumption and denial of service due to mismanagement of HTTP/2 streams.
- agent/severity
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/last-modified-date
- agent/references
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-34750
- vendor/apache
- canonical/tomcat