Vulnerability Database
289,571
Total vulnerabilities in the database
CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
| Software | From | Fixed in |
|---|---|---|
org.apache.tomcat.embed / tomcat-embed-core
|
11.0.0-M1 | 11.0.0-M21 |
|
org.apache.tomcat.embed / tomcat-embed-core
|
10.1.0-M1 | 10.1.25 |
|
org.apache.tomcat.embed / tomcat-embed-core
|
9.0.0-M1 | 9.0.90 |
|
org.apache.tomcat / tomcat-coyote
|
11.0.0-M1 | 11.0.0-M21 |
|
org.apache.tomcat / tomcat-coyote
|
10.1.0-M1 | 10.1.25 |
|
org.apache.tomcat / tomcat-coyote
|
9.0.0-M1 | 9.0.90 |
| apache / tomcat | 11.0.0-milestone1 | 11.0.0-milestone1.x |
| apache / tomcat | 11.0.0-milestone2 | 11.0.0-milestone2.x |
| apache / tomcat | 11.0.0-milestone4 | 11.0.0-milestone4.x |
| apache / tomcat | 11.0.0-milestone3 | 11.0.0-milestone3.x |
| apache / tomcat | 11.0.0-milestone5 | 11.0.0-milestone5.x |
| apache / tomcat | 11.0.0-milestone7 | 11.0.0-milestone7.x |
| apache / tomcat | 11.0.0-milestone10 | 11.0.0-milestone10.x |
| apache / tomcat | 11.0.0-milestone11 | 11.0.0-milestone11.x |
| apache / tomcat | 11.0.0-milestone12 | 11.0.0-milestone12.x |
| apache / tomcat | 11.0.0-milestone13 | 11.0.0-milestone13.x |
| apache / tomcat | 11.0.0-milestone14 | 11.0.0-milestone14.x |
| apache / tomcat | 11.0.0-milestone15 | 11.0.0-milestone15.x |
| apache / tomcat | 11.0.0-milestone16 | 11.0.0-milestone16.x |
| apache / tomcat | 11.0.0-milestone17 | 11.0.0-milestone17.x |
| apache / tomcat | 11.0.0-milestone18 | 11.0.0-milestone18.x |
| apache / tomcat | 11.0.0-milestone6 | 11.0.0-milestone6.x |
| apache / tomcat | 11.0.0-milestone8 | 11.0.0-milestone8.x |
| apache / tomcat | 11.0.0-milestone9 | 11.0.0-milestone9.x |
| apache / tomcat | 9.0.0 | 9.0.90 |
| apache / tomcat | 10.1.0 | 10.1.25 |
| apache / tomcat | 11.0.0-milestone19 | 11.0.0-milestone19.x |
| apache / tomcat | 11.0.0-milestone20 | 11.0.0-milestone20.x |
| netapp / ontap_tools | 9 | 9.x |
- https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2
- https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3
- https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f
- https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
- https://security.netapp.com/advisory/ntap-20240816-0004/
- https://tomcat.apache.org/security-10.html
- https://tomcat.apache.org/security-11.html
- https://tomcat.apache.org/security-9.html