CVE-2024-54677
Public on 2024-12-17
Modified on 2025-01-23
Description
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2 - Core | tomcat | 2025-04-09 | ALAS2-2025-2829 | Fixed |
| HAQM Linux 2 - Tomcat9 Extra | tomcat | 2025-01-21 | ALAS2TOMCAT9-2025-015 | Fixed |
| HAQM Linux 2023 | tomcat10 | 2025-01-21 | ALAS2023-2025-814 | Fixed |
| HAQM Linux 1 | tomcat8 | No Fix Planned | ||
| HAQM Linux 2023 | tomcat9 | 2025-01-21 | ALAS2023-2025-813 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L |
| NVD | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |