CVE-2024-52316
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-52316 is an Unchecked Error Condition vulnerability affecting Apache Tomcat versions 11.0.0-M1 through 11.0.0-M26, 10.1.0-M1 through 10.1.30, and 9.0.0-M1 through 9.0.95. The issue arises when Tomcat is configured to use a custom Jakarta Authentication component and that component throws an exception during the authentication process: Tomcat may not set an HTTP status indicating failure, so the request can proceed as though authentication had succeeded and the user may bypass the authentication process. No known Jakarta Authentication components exhibit this behavior. To mitigate this risk, users are advised to upgrade to Tomcat versions 11.0.0, 10.1.31, or 9.0.96, which address the vulnerability.
Affected Products
- Apache Tomcat
Affected Vendors
- Apache Software Foundation