Allocation of Resources Without Limits or Throttling Affecting tomcat10 package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN12-TOMCAT10-8073015
- published 24 Sep 2024
- disclosed 7 Nov 2024
Introduced: 24 Sep 2024
CVE-2024-38286 Open this link in a new tabHow to fix?
There is no fixed version for Debian:12
tomcat10
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream tomcat10
package and not the tomcat10
package as distributed by Debian
.
See How to fix?
for Debian:12
relevant fixed versions and status.
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.
Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.