Vulnerability details: VCID-5hsr-w1fn-c7bv
Vulnerability ID VCID-5hsr-w1fn-c7bv
Aliases CVE-2024-54677
GHSA-653p-vg55-5652
Summary Apache Tomcat Uncontrolled Resource Consumption vulnerability. Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json
epss 0.00984 https://api.first.org/data/v1/epss?cve=CVE-2024-54677
epss 0.02559 https://api.first.org/data/v1/epss?cve=CVE-2024-54677
epss 0.04897 https://api.first.org/data/v1/epss?cve=CVE-2024-54677
epss 0.05305 https://api.first.org/data/v1/epss?cve=CVE-2024-54677
epss 0.06406 https://api.first.org/data/v1/epss?cve=CVE-2024-54677
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-653p-vg55-5652
cvssv3.1 5.3 https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd
generic_textual MODERATE https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d
generic_textual MODERATE https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4
generic_textual MODERATE https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a
generic_textual MODERATE https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746
generic_textual MODERATE https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd
generic_textual MODERATE https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c
generic_textual MODERATE https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1
generic_textual MODERATE https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc
generic_textual MODERATE https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654
generic_textual MODERATE https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e
generic_textual MODERATE https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533
generic_textual MODERATE https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a
generic_textual MODERATE https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1
generic_textual MODERATE https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66
generic_textual MODERATE https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a
generic_textual MODERATE https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044
generic_textual MODERATE https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213
generic_textual MODERATE https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb
generic_textual MODERATE https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444
generic_textual MODERATE https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585
generic_textual MODERATE https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4
generic_textual MODERATE https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4
cvssv3.1 5.3 https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
generic_textual MODERATE https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
ssvc Track https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-54677
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-54677
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20250131-0006
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20250131-0006
cvssv3.1 5.3 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
generic_textual MODERATE https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
cvssv3.1 5.3 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
generic_textual MODERATE https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
cvssv3.1 5.3 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
generic_textual MODERATE https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2024/12/17/5
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/12/17/5
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2024/12/17/6
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/12/17/6
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2024/12/18/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/12/18/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json
https://api.first.org/data/v1/epss?cve=CVE-2024-54677
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd
https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d
https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4
https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a
https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746
https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd
https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c
https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1
https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc
https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654
https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e
https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533
https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a
https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1
https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408
https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66
https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a
https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044
https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213
https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb
https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444
https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585
https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4
https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
https://nvd.nist.gov/vuln/detail/CVE-2024-54677
https://security.netapp.com/advisory/ntap-20250131-0006
https://security.netapp.com/advisory/ntap-20250131-0006/
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
http://www.openwall.com/lists/oss-security/2024/12/17/5
http://www.openwall.com/lists/oss-security/2024/12/17/6
http://www.openwall.com/lists/oss-security/2024/12/18/1
2332815 https://bugzilla.redhat.com/show_bug.cgi?id=2332815
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
CVE-2024-54677 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677
GHSA-653p-vg55-5652 https://github.com/advisories/GHSA-653p-vg55-5652
RHSA-2025:7497 https://access.redhat.com/errata/RHSA-2025:7497
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-17T16:41:40Z/ Found at https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-54677
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20250131-0006
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://www.openwall.com/lists/oss-security/2024/12/17/5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://www.openwall.com/lists/oss-security/2024/12/17/6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://www.openwall.com/lists/oss-security/2024/12/18/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.75776
EPSS Score 0.00984
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:09:38.468824+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json 36.1.3