CVE-2024-34750
HIGH
Published 2024-07-03T19:32:34.695Z
Actions:
CVSS Score
V3.1
7.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.000
probability
of exploitation in the wild
There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.114
Higher than 11.4% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
HackerOne Reports
devme4f
Internet Bug Bounty
$4920.00
Uncontrolled Resource Consumption
Published: 2024-07-03T19:32:34.695Z
Last Modified: 2024-08-16T17:02:39.887Z
Copied to clipboard!