CVE-2024-52317
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-52317 is an incorrect object recycling and re-use vulnerability affecting Apache Tomcat. The issue stems from improper recycling of the request and response objects used for HTTP/2 requests, which can lead to request and/or response mix-ups between users. Affected versions of Apache Tomcat are 11.0.0-M23 through 11.0.0-M26, 10.1.27 through 10.1.30, and 9.0.92 through 9.0.95. To mitigate this risk, users are advised to upgrade to Apache Tomcat 11.0.0, 10.1.31, or 9.0.96, which address the issue.
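The version ranges above can be checked against an inventory of Tomcat version strings. The following is an added example, not part of the original advisory or of Apache Tomcat; the function names and the sample inventory are assumptions made for illustration, and the check looks only at the version number, not at whether HTTP/2 is enabled.

```python
import re

# Affected ranges as stated in the summary above (inclusive on both ends).
# A version is a tuple (major, minor, patch, milestone); milestone is the
# number after "-M", or RELEASE for a final release, so 11.0.0-M26 < 11.0.0.
RELEASE = 10**6
AFFECTED = [
    ((11, 0, 0, 23), (11, 0, 0, 26), "11.0.0"),
    ((10, 1, 27, RELEASE), (10, 1, 30, RELEASE), "10.1.31"),
    ((9, 0, 92, RELEASE), (9, 0, 95, RELEASE), "9.0.96"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?")


def parse_version(text):
    """Extract a Tomcat version from strings such as 'Apache Tomcat/9.0.93'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch, milestone = match.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else RELEASE)


def check(text):
    """Return (affected, fixed_version) for one version string."""
    version = parse_version(text)
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real environment.
    inventory = [
        "Apache Tomcat/9.0.93",
        "Apache Tomcat/10.1.31",
        "11.0.0-M24",
        "11.0.0",
    ]
    for entry in inventory:
        affected, fixed = check(entry)
        status = f"AFFECTED, upgrade to {fixed}" if affected else "not in affected range"
        print(f"{entry}: {status}")
```
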
Affected Products
- Apache Tomcat
Affected Vendors
- Apache Software Foundation