AIKIDO-2024-10008

tomcat-embed-core is vulnerable to DOS

DOSCVE-2024-24549 Published Mar 13, 2024

High Risk

This Affects:

tomcat-embed-core

8.5.0 - 8.5.98

Fixed in 8.5.99

9.0.0 - 9.0.85

Fixed in 9.0.86

10.0.0 - 10.1.18

Fixed in 10.1.19

Are you affected? Scan for Free

TL;DR

Affected versions of this package are vulnerable to a Denial of Service (DoS) attack if the Tomcat server is configured to allow HTTP/2 requests.

Who does this affect?

You are affected if you use Tomcat (within the affected versions) to process HTTP/2 requests without a load balancer in front of it.

Background info

tomcat-embed-core is vulnerable to DOS in versions 10.0.0 - 10.1.18, 9.0.0 - 9.0.85 and 8.5.0 - 8.5.98.

How to fix this

Upgrade Tomcat to any of the patched versions.

High Risk

This Affects:

tomcat-embed-core

8.5.0 - 8.5.98

Fixed in 8.5.99

9.0.0 - 9.0.85

Fixed in 9.0.86

10.0.0 - 10.1.18

Fixed in 10.1.19

Are you affected? Scan for Free

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free

Book a Demo

Free. No credit card required.

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Stay up to date with all updates

LinkedIn YouTube X

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2Compliant

ISO 27001Compliant

AIKIDO-2024-10008

This Affects:

TL;DR

Who does this affect?

Background info

How to fix this

This Affects:

Links

CVE Detail

Other

Are You Affected?