Vulnerability Database

289,598

Total vulnerabilities in the database

CVE-2024-38286

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.

Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.

Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

  • Published: Nov 7, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-38286
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Software From Fixed in
apache / tomcat 10.1.0-milestone3 10.1.0-milestone3.x
apache / tomcat 10.1.0-milestone4 10.1.0-milestone4.x
apache / tomcat 10.1.0-milestone5 10.1.0-milestone5.x
apache / tomcat 10.1.0-milestone1 10.1.0-milestone1.x
apache / tomcat 10.1.0-milestone2 10.1.0-milestone2.x
apache / tomcat 10.1.0-milestone7 10.1.0-milestone7.x
apache / tomcat 10.1.0-milestone10 10.1.0-milestone10.x
apache / tomcat 10.1.0-milestone11 10.1.0-milestone11.x
apache / tomcat 10.1.0-milestone12 10.1.0-milestone12.x
apache / tomcat 10.1.0-milestone13 10.1.0-milestone13.x
apache / tomcat 10.1.0-milestone14 10.1.0-milestone14.x
apache / tomcat 10.1.0-milestone15 10.1.0-milestone15.x
apache / tomcat 10.1.0-milestone16 10.1.0-milestone16.x
apache / tomcat 10.1.0-milestone17 10.1.0-milestone17.x
apache / tomcat 10.1.0-milestone6 10.1.0-milestone6.x
apache / tomcat 10.1.0-milestone8 10.1.0-milestone8.x
apache / tomcat 10.1.0-milestone9 10.1.0-milestone9.x
apache / tomcat 11.0.0-milestone1 11.0.0-milestone1.x
apache / tomcat 10.1.1 10.1.25
apache / tomcat 9.0.13 9.0.90
apache / tomcat 10.1.0-milestone18 10.1.0-milestone18.x
apache / tomcat 10.1.0-milestone19 10.1.0-milestone19.x
apache / tomcat 10.1.0-milestone20 10.1.0-milestone20.x
apache / tomcat 11.0.0-milestone2 11.0.0-milestone2.x
apache / tomcat 11.0.0-milestone3 11.0.0-milestone3.x
apache / tomcat 11.0.0-milestone4 11.0.0-milestone4.x
apache / tomcat 11.0.0-milestone5 11.0.0-milestone5.x
apache / tomcat 11.0.0-milestone6 11.0.0-milestone6.x
apache / tomcat 11.0.0-milestone7 11.0.0-milestone7.x
apache / tomcat 11.0.0-milestone8 11.0.0-milestone8.x
apache / tomcat 11.0.0-milestone9 11.0.0-milestone9.x
apache / tomcat 11.0.0-milestone10 11.0.0-milestone10.x
apache / tomcat 11.0.0-milestone11 11.0.0-milestone11.x
apache / tomcat 11.0.0-milestone12 11.0.0-milestone12.x
apache / tomcat 11.0.0-milestone13 11.0.0-milestone13.x
apache / tomcat 11.0.0-milestone14 11.0.0-milestone14.x
apache / tomcat 11.0.0-milestone15 11.0.0-milestone15.x
apache / tomcat 11.0.0-milestone16 11.0.0-milestone16.x
apache / tomcat 11.0.0-milestone17 11.0.0-milestone17.x
apache / tomcat 11.0.0-milestone18 11.0.0-milestone18.x
apache / tomcat 11.0.0-milestone19 11.0.0-milestone19.x
apache / tomcat 11.0.0-milestone20 11.0.0-milestone20.x
netapp / ontap_tools 9 9.x
netapp / ontap_tools 10 10.x