Vulnerability details: VCID-exnf-s6zc-aaah
Vulnerability ID VCID-exnf-s6zc-aaah
Aliases CVE-2024-23672
GHSA-v682-8vv8-vpwr
Summary Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23672.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.0012 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00437 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00909 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.0123 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.02454 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23672
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-v682-8vv8-vpwr
cvssv3.1 6.3 https://github.com/apache/tomcat
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat
cvssv3.1 6.3 https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501
generic_textual MODERATE https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501
cvssv3.1 6.3 https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591
generic_textual MODERATE https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591
cvssv3.1 6.3 https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068
generic_textual MODERATE https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068
cvssv3.1 6.3 https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
generic_textual MODERATE https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
cvssv3.1 6.3 https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
generic_textual MODERATE https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
ssvc Track https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
cvssv3.1 6.3 https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
cvssv3.1 6.3 https://nvd.nist.gov/vuln/detail/CVE-2024-23672
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-23672
cvssv3.1 6.3 https://security.netapp.com/advisory/ntap-20240402-0002
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240402-0002
cvssv3.1 6.3 https://security.netapp.com/advisory/ntap-20240402-0002/
ssvc Track https://security.netapp.com/advisory/ntap-20240402-0002/
cvssv3.1 6.3 http://www.openwall.com/lists/oss-security/2024/03/13/4
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/03/13/4
ssvc Track http://www.openwall.com/lists/oss-security/2024/03/13/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23672.json
https://api.first.org/data/v1/epss?cve=CVE-2024-23672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501
https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591
https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068
https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
https://security.netapp.com/advisory/ntap-20240402-0002
https://security.netapp.com/advisory/ntap-20240402-0002/
http://www.openwall.com/lists/oss-security/2024/03/13/4
1066877 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066877
2269608 https://bugzilla.redhat.com/show_bug.cgi?id=2269608
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-23672 https://nvd.nist.gov/vuln/detail/CVE-2024-23672
GHSA-v682-8vv8-vpwr https://github.com/advisories/GHSA-v682-8vv8-vpwr
RHSA-2024:1913 https://access.redhat.com/errata/RHSA-2024:1913
RHSA-2024:1914 https://access.redhat.com/errata/RHSA-2024:1914
RHSA-2024:1916 https://access.redhat.com/errata/RHSA-2024:1916
RHSA-2024:1917 https://access.redhat.com/errata/RHSA-2024:1917
RHSA-2024:3307 https://access.redhat.com/errata/RHSA-2024:3307
RHSA-2024:3308 https://access.redhat.com/errata/RHSA-2024:3308
RHSA-2024:3666 https://access.redhat.com/errata/RHSA-2024:3666
RHSA-2024:3814 https://access.redhat.com/errata/RHSA-2024:3814
USN-7106-1 https://usn.ubuntu.com/7106-1/
USN-7562-1 https://usn.ubuntu.com/7562-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23672.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-23672
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://security.netapp.com/advisory/ntap-20240402-0002
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://security.netapp.com/advisory/ntap-20240402-0002/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://security.netapp.com/advisory/ntap-20240402-0002/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://www.openwall.com/lists/oss-security/2024/03/13/4
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at http://www.openwall.com/lists/oss-security/2024/03/13/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.11214
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:37.813471+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-23672 34.0.0rc4