CVE-2024-54677

State: PUBLISHED · Published: 2024-12-17 · Updated: 2025-11-03 · Assigner: apache

Description

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CWE

CWE-400 — CWE-400 Uncontrolled Resource Consumption

Affected

Apache Software Foundation / Apache Tomcat — v=11.0.0-M1 ≤11.0.1 [affected]; v=10.1.0-M1 ≤10.1.33 [affected]; v=9.0.0.M1 ≤9.0.97 [affected]; v=8.5.0 ≤8.5.100 [affected]; v=3 <8.5.0 [unknown]; v=10.0.0-M1 ≤10.0.27 [unknown]

CVSS

(none)

References

https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n vendor-advisory

Source

cvelistV5-main/cves/2024/54xxx/CVE-2024-54677.json