Vulnerability details: VCID-7uaw-6w3w-aaar
Vulnerability ID VCID-7uaw-6w3w-aaar
Aliases CVE-2024-24549
GHSA-7w75-32cg-r6g2
Summary Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
epss 0.24768 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
epss 0.41058 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
epss 0.42098 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
epss 0.42935 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
epss 0.43249 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
epss 0.52453 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
epss 0.551 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
epss 0.57387 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
epss 0.80964 https://api.first.org/data/v1/epss?cve=CVE-2024-24549
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-7w75-32cg-r6g2
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
generic_textual MODERATE https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
generic_textual MODERATE https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
generic_textual MODERATE https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
generic_textual MODERATE https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
cvssv3.1 7.5 https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
generic_textual MODERATE https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
ssvc Track https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-24549
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-24549
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20240402-0002
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240402-0002
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20240402-0002/
ssvc Track https://security.netapp.com/advisory/ntap-20240402-0002/
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2024/03/13/3
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/03/13/3
ssvc Track http://www.openwall.com/lists/oss-security/2024/03/13/3
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json
https://api.first.org/data/v1/epss?cve=CVE-2024-24549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
https://security.netapp.com/advisory/ntap-20240402-0002
https://security.netapp.com/advisory/ntap-20240402-0002/
http://www.openwall.com/lists/oss-security/2024/03/13/3
1066878 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878
2269607 https://bugzilla.redhat.com/show_bug.cgi?id=2269607
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-24549 https://nvd.nist.gov/vuln/detail/CVE-2024-24549
GHSA-7w75-32cg-r6g2 https://github.com/advisories/GHSA-7w75-32cg-r6g2
RHSA-2024:1318 https://access.redhat.com/errata/RHSA-2024:1318
RHSA-2024:1319 https://access.redhat.com/errata/RHSA-2024:1319
RHSA-2024:1324 https://access.redhat.com/errata/RHSA-2024:1324
RHSA-2024:1325 https://access.redhat.com/errata/RHSA-2024:1325
RHSA-2024:3307 https://access.redhat.com/errata/RHSA-2024:3307
RHSA-2024:3308 https://access.redhat.com/errata/RHSA-2024:3308
RHSA-2024:3666 https://access.redhat.com/errata/RHSA-2024:3666
RHSA-2024:3814 https://access.redhat.com/errata/RHSA-2024:3814
USN-7562-1 https://usn.ubuntu.com/7562-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/ Found at https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/ Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-24549
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240402-0002
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240402-0002/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/ Found at https://security.netapp.com/advisory/ntap-20240402-0002/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/03/13/3
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/ Found at http://www.openwall.com/lists/oss-security/2024/03/13/3
Exploit Prediction Scoring System (EPSS)
Percentile 0.15162
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:40.911583+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-24549 34.0.0rc4