CVE-2024-52317

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 18, 2024
Updated: Nov 21, 2024
CWE ID 326

Summary

CVE-2024-52317 is an incorrect object recycling and re-use vulnerability affecting Apache Tomcat. This issue stems from the improper recycling of request and response objects used in HTTP/2 requests, potentially leading to request and/or response mix-ups between users. This vulnerability can impact various versions of Apache Tomcat, including those from 11.0.0-M23 through 11.0.0-M26, 10.1.27 through 10.1.30, and 9.0.92 through 9.0.95. To mitigate this risk, users are advised to upgrade to the latest versions: Apache Tomcat 11.0.0, 10.1.31, or 9.0.96, which address the issue.

Affected Products

  • Apache Tomcat

Affected Vendors

  • Apache Software Foundation