CVE-2024-52316

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 18, 2024
Updated: Nov 21, 2024
CWE ID 391

Summary

CVE-2024-52316 is an Unchecked Error Condition vulnerability (CWE-391) affecting Apache Tomcat versions 11.0.0-M1 through 11.0.0-M26, 10.1.0-M1 through 10.1.30, and 9.0.0-M1 through 9.0.95. The issue arises when Tomcat is configured to use a custom Jakarta Authentication component: if that component throws an exception during authentication, Tomcat may fail to set an HTTP status that indicates failure, so the request can proceed as though authentication had succeeded and the user may bypass the authentication process. No known Jakarta Authentication components exhibit this behavior. To mitigate this risk, users are advised to upgrade to Tomcat versions 11.0.0, 10.1.31, or 9.0.96, which address the vulnerability.
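The fix for this CVE lives in Tomcat itself, and upgrading is the remedy. The example below is added here to illustrate the CWE-391 pattern from the component side; it is not Tomcat code and not any real Jakarta Authentication component. It shows a ServerAuthModule written to fail closed: every internal error inside validateRequest is converted into an explicit failure status with an HTTP status code set on the response, rather than being allowed to escape as an exception. The jakarta.* package names assume Jakarta Authentication 3.0 (Tomcat 10.1/11); the token lookup, the header name and the in-memory user table are constructed stand-ins for whatever backend a real module would call.

```java
// Added illustration, not Apache Tomcat's code and not a real authentication
// component: a Jakarta Authentication ServerAuthModule that never lets an
// internal error leave validateRequest without an explicit failure status.
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import jakarta.security.auth.message.AuthException;
import jakarta.security.auth.message.AuthStatus;
import jakarta.security.auth.message.MessageInfo;
import jakarta.security.auth.message.MessagePolicy;
import jakarta.security.auth.message.callback.CallerPrincipalCallback;
import jakarta.security.auth.message.module.ServerAuthModule;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

public class FailClosedAuthModule implements ServerAuthModule {

    // Constructed stand-in for a real token backend (hypothetical data).
    private static final Map<String, String> TOKENS = Map.of("tok-alice", "alice");

    private CallbackHandler handler;

    @Override
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map<String, Object> options) {
        this.handler = handler;
    }

    @Override
    public Class<?>[] getSupportedMessageTypes() {
        return new Class<?>[] { HttpServletRequest.class, HttpServletResponse.class };
    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                      Subject serviceSubject) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        try {
            // "X-Auth-Token" is an assumed header name for this illustration.
            String user = lookupUser(request.getHeader("X-Auth-Token"));
            if (user == null) {
                // Ordinary failure: unknown or missing credential.
                return reject(response, HttpServletResponse.SC_UNAUTHORIZED);
            }
            handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, user) });
            return AuthStatus.SUCCESS;
        } catch (Exception e) {
            // Fail closed: a backend or callback error is still an authentication
            // failure, and it carries a status code so the container is never left
            // with an exception and an unset response status.
            return reject(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }

    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) {
        return AuthStatus.SEND_SUCCESS;
    }

    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) {
        subject.getPrincipals().clear();
    }

    // Hypothetical backend call; a real implementation might throw on I/O or
    // configuration errors, which is exactly the case the catch block covers.
    private static String lookupUser(String token) {
        if (token == null) {
            return null;
        }
        return TOKENS.get(token);
    }

    // Set an explicit error status (unless the response is already committed)
    // and tell the container that authentication did not succeed.
    private static AuthStatus reject(HttpServletResponse response, int status) {
        if (!response.isCommitted()) {
            response.setStatus(status);
        }
        return AuthStatus.SEND_FAILURE;
    }
}
```

The defensive point is in reject() and the catch block: the module decides the outcome for every code path, so the container's handling of an unexpected exception never determines whether a request is treated as authenticated. This does not replace the Tomcat upgrade the advisory recommends, since the affected behaviour is in the container's own exception handling.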



Affected Products

  • Apache Tomcat

Affected Vendors

  • Apache Software Foundation