rhsa-2024_3308
Vulnerability from csaf_redhat
Published
2024-05-23 06:18
Modified
2024-11-06 05:57
Summary
Red Hat Security Advisory: tomcat security and bug fix update

Notes

Topic
An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): * Rebase tomcat to version 9.0.87 (JIRA:RHEL-34814)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)\n\n* Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)\n\nBug Fix(es) and Enhancement(s):\n\n* Rebase tomcat to version 9.0.87 (JIRA:RHEL-34814)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:3308",
        "url": "https://access.redhat.com/errata/RHSA-2024:3308"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2269607",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269607"
      },
      {
        "category": "external",
        "summary": "2269608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269608"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3308.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-06T05:57:18+00:00",
      "generator": {
        "date": "2024-11-06T05:57:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2024:3308",
      "initial_release_date": "2024-05-23T06:18:36+00:00",
      "revision_history": [
        {
          "date": "2024-05-23T06:18:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-23T06:18:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-06T05:57:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
                  "product_id": "AppStream-9.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-1:9.0.87-1.el9_2.1.src",
                "product": {
                  "name": "tomcat-1:9.0.87-1.el9_2.1.src",
                  "product_id": "tomcat-1:9.0.87-1.el9_2.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.1?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-1:9.0.87-1.el9_2.1.noarch",
                "product": {
                  "name": "tomcat-1:9.0.87-1.el9_2.1.noarch",
                  "product_id": "tomcat-1:9.0.87-1.el9_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
                  "product_id": "tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_2.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
                "product": {
                  "name": "tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
                  "product_id": "tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_2.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
                "product": {
                  "name": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
                  "product_id": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_2.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
                "product": {
                  "name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
                  "product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_2.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
                "product": {
                  "name": "tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
                  "product_id": "tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_2.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
                "product": {
                  "name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
                  "product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_2.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-1:9.0.87-1.el9_2.1.noarch",
                "product": {
                  "name": "tomcat-webapps-1:9.0.87-1.el9_2.1.noarch",
                  "product_id": "tomcat-webapps-1:9.0.87-1.el9_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_2.1?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-1:9.0.87-1.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.noarch"
        },
        "product_reference": "tomcat-1:9.0.87-1.el9_2.1.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-1:9.0.87-1.el9_2.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.src"
        },
        "product_reference": "tomcat-1:9.0.87-1.el9_2.1.src",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch"
        },
        "product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch"
        },
        "product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-1:9.0.87-1.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.1.noarch"
        },
        "product_reference": "tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch"
        },
        "product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-1:9.0.87-1.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.1.noarch"
        },
        "product_reference": "tomcat-webapps-1:9.0.87-1.el9_2.1.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-23672",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2024-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269608"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service (DoS) vulnerability present in the Apache Tomcat package arises from an incomplete cleanup process. Specifically, WebSocket clients can perpetuate WebSocket connections without proper termination, thereby causing a sustained drain on system resources. This vulnerability facilitates the exploitation of Apache Tomcat servers, leading to a scenario where excessive resource consumption occurs due to the prolonged existence of these open WebSocket connections. As a consequence, the server\u0027s performance may degrade significantly, resulting in potential service disruption or unresponsiveness.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat: WebSocket DoS with incomplete closing handshake",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Denial of Service (DoS) vulnerability within the Apache Tomcat package represents an Important severity issue due to its potential to significantly impact system availability and performance. By allowing WebSocket clients to maintain open connections without proper cleanup, the vulnerability facilitates the sustained consumption of server resources. This exploitation results in increased CPU, memory, and network utilization, ultimately leading to server degradation or unresponsiveness. The inability to terminate these lingering connections efficiently exacerbates the severity of the issue, as it enables attackers to exploit limited resources over an extended period, amplifying the impact of the attack.\n\nRed Hat Certificate System 10.0 as well as Red Hat Enterprise Linux 8\u0027s Identity Management, are using a vulnerable version of Tomcat, bundled into the pki-servlet-engine component. However, there are no entry point for WebSockets, and thus it is not possible to trigger the flaw in a supported setup.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.src",
          "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.1.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-23672"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269608",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269608"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23672",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23672"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f",
          "url": "https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f"
        }
      ],
      "release_date": "2024-03-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-23T06:18:36+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.src",
            "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.1.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3308"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.src",
            "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.src",
            "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Tomcat: WebSocket DoS with incomplete closing handshake"
    },
    {
      "cve": "CVE-2024-24549",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269607"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn\u0027t reset immediately. Instead, the reset action occurs only after all the headers within the request have been processed. This lapse in resetting the stream exposes the system to potential risks, as it allows malicious actors to exploit the delay in stream reset to carry out various attacks, such as header manipulation or resource exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat: HTTP/2 header handling DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability presents an Important severity issue due to its potential to facilitate various forms of attack, particularly in the context of HTTP/2 protocol. By delaying the reset of HTTP/2 streams until after processing all headers, malicious actors can exploit this window to execute header manipulation attacks, leading to potential data exfiltration, injection of malicious content, or server resource exhaustion. Furthermore, the delayed reset prolongs the exposure time of vulnerable systems, increasing the likelihood of successful exploitation.\n\nIn addition, Red Hat Certificate System 10.0 and Red Hat Enterprise Linux 8\u0027s Identity Management, are using a vulnerable version of Tomcat that is bundled into the pki-servlet-engine component. However, HTTP/2 is not enabled in such a configuration, and it is not possible to trigger the flaw in a supported setup. See https://access.redhat.com/security/cve/CVE-2020-13934  for context.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.src",
          "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
          "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.1.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-24549"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269607",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269607"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg",
          "url": "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg"
        }
      ],
      "release_date": "2024-03-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-23T06:18:36+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.src",
            "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.1.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3308"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.src",
            "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.1.src",
            "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.1.noarch",
            "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Tomcat: HTTP/2 header handling DoS"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.