Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jws5-tomcat@9.0.87-3.redhat_00003.1?arch=el7jws

Type rpm

Namespace redhat

Name jws5-tomcat

Version 9.0.87-3.redhat_00003.1

Qualifiers

arch	el7jws

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-p6pa-f1fg-hbhg

vulnerability_id

VCID-p6pa-f1fg-hbhg

summary

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Older, EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23672.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23672.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23672

reference_id

reference_type

scores

value	0.01061
scoring_system	epss
scoring_elements	0.77679
published_at	2026-04-18T12:55:00Z

value	0.01061
scoring_system	epss
scoring_elements	0.77681
published_at	2026-04-16T12:55:00Z

value	0.01061
scoring_system	epss
scoring_elements	0.77643
published_at	2026-04-13T12:55:00Z

value	0.01061
scoring_system	epss
scoring_elements	0.77645
published_at	2026-04-12T12:55:00Z

value	0.01061
scoring_system	epss
scoring_elements	0.77661
published_at	2026-04-11T12:55:00Z

value	0.01061
scoring_system	epss
scoring_elements	0.77635
published_at	2026-04-09T12:55:00Z

value	0.01061
scoring_system	epss
scoring_elements	0.77629
published_at	2026-04-08T12:55:00Z

value	0.01061
scoring_system	epss
scoring_elements	0.776
published_at	2026-04-07T12:55:00Z

value	0.01061
scoring_system	epss
scoring_elements	0.77618
published_at	2026-04-04T12:55:00Z

value	0.01061
scoring_system	epss
scoring_elements	0.77592
published_at	2026-04-02T12:55:00Z

value	0.01322
scoring_system	epss
scoring_elements	0.79918
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23672

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501

reference_url

https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591

reference_url

https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068

reference_url

https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9

reference_url

https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/

url

https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

reference_url

https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23672

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23672

reference_url

https://security.netapp.com/advisory/ntap-20240402-0002

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240402-0002

reference_url

http://www.openwall.com/lists/oss-security/2024/03/13/4

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/03/13/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066877
reference_id	1066877
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066877

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2269608
reference_id	2269608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2269608

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23672

reference_id

CVE-2024-23672

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23672

reference_url

https://github.com/advisories/GHSA-v682-8vv8-vpwr

reference_id

GHSA-v682-8vv8-vpwr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v682-8vv8-vpwr

reference_url	https://access.redhat.com/errata/RHSA-2024:1913
reference_id	RHSA-2024:1913
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1913

reference_url	https://access.redhat.com/errata/RHSA-2024:1914
reference_id	RHSA-2024:1914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1914

reference_url	https://access.redhat.com/errata/RHSA-2024:1916
reference_id	RHSA-2024:1916
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1916

reference_url	https://access.redhat.com/errata/RHSA-2024:1917
reference_id	RHSA-2024:1917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1917

reference_url	https://access.redhat.com/errata/RHSA-2024:3307
reference_id	RHSA-2024:3307
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3307

reference_url	https://access.redhat.com/errata/RHSA-2024:3308
reference_id	RHSA-2024:3308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3308

reference_url	https://access.redhat.com/errata/RHSA-2024:3666
reference_id	RHSA-2024:3666
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3666

reference_url	https://access.redhat.com/errata/RHSA-2024:3814
reference_id	RHSA-2024:3814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3814

reference_url	https://usn.ubuntu.com/7106-1/
reference_id	USN-7106-1
reference_type
scores
url	https://usn.ubuntu.com/7106-1/

reference_url	https://usn.ubuntu.com/7562-1/
reference_id	USN-7562-1
reference_type
scores
url	https://usn.ubuntu.com/7562-1/

fixed_packages

aliases

CVE-2024-23672, GHSA-v682-8vv8-vpwr

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-p6pa-f1fg-hbhg

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-3.redhat_00003.1%3Farch=el7jws

Package Instance