Improper Input Validation Affecting tomcat-admin-webapps package, versions <9.0.87-150200.65.1


Severity

Recommended
0.0
high
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.05% (17th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES153-TOMCATADMINWEBAPPS-6663870
  • published19 Apr 2024
  • disclosed18 Apr 2024

Introduced: 18 Apr 2024

CVE-2024-24549  (opens in a new tab)
CWE-20  (opens in a new tab)

How to fix?

Upgrade SLES:15.3 tomcat-admin-webapps to version 9.0.87-150200.65.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream tomcat-admin-webapps package and not the tomcat-admin-webapps package as distributed by SLES. See How to fix? for SLES:15.3 relevant fixed versions and status.

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

CVSS Scores

version 3.1