RHSA-2024:3814: Important: tomcat security and bug fix update
First published: Tue Jun 11 2024(Updated: )
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.<br>Security Fix(es):<br><li> Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)</li> <li> Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)</li> Bug Fix(es):<br><li> Rebase tomcat to version 9.0.87 (JIRA:RHEL-34811)</li> <li> Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly (JIRA:RHEL-37865)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/tomcat | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
| redhat/tomcat | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
| redhat/tomcat-admin-webapps | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
| redhat/tomcat-docs-webapp | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
| redhat/tomcat-el | <3.0-api-9.0.87-1.el8_8.2 | 3.0-api-9.0.87-1.el8_8.2 |
| redhat/tomcat-jsp | <2.3-api-9.0.87-1.el8_8.2 | 2.3-api-9.0.87-1.el8_8.2 |
| redhat/tomcat-lib | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
| redhat/tomcat-servlet | <4.0-api-9.0.87-1.el8_8.2 | 4.0-api-9.0.87-1.el8_8.2 |
| redhat/tomcat-webapps | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
| Red Hat Enterprise Linux for SAP Solutions | ||
| Red Hat Enterprise Linux Server | ||
| Red Hat Enterprise Linux for ARM64 EUS | ||
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | ||
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | ||
| Red Hat Enterprise Linux for IBM z Systems | ||
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2024:3814?
The severity of RHSA-2024:3814 is categorized as important due to potential denial of service vulnerabilities.
How do I fix RHSA-2024:3814?
To fix RHSA-2024:3814, update the affected Apache Tomcat packages to version 9.0.87-1.el8_8.2 or later.
What vulnerabilities are addressed in RHSA-2024:3814?
RHSA-2024:3814 addresses denial of service vulnerabilities related to HTTP/2 header handling and WebSocket closing handshake.
Which Apache Tomcat versions are affected by RHSA-2024:3814?
Apache Tomcat versions prior to 9.0.87-1.el8_8.2 are affected by RHSA-2024:3814.
Is RHSA-2024:3814 applicable to all Red Hat products?
RHSA-2024:3814 specifically applies to Red Hat Enterprise Linux and its components utilizing Apache Tomcat.
- agent/severity
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2024:3814
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/redhat-errata-latest
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/red hat
- canonical/red hat enterprise linux for sap solutions
- canonical/red hat enterprise linux server
- canonical/red hat enterprise linux for arm64 eus
- canonical/red hat enterprise linux server for power le - update services for sap solutions
- canonical/red hat enterprise linux for x86_64 - extended update support
- canonical/red hat enterprise linux for ibm z systems
- canonical/red hat enterprise linux for power, little endian - extended update support