Search for vulnerabilities
Vulnerability details: VCID-g7xq-ftd5-dfeb
Vulnerability ID VCID-g7xq-ftd5-dfeb
Aliases CVE-2024-23672
GHSA-v682-8vv8-vpwr
Summary Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-459 Incomplete Cleanup
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23672.json
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00464 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00464 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2024-23672
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23672
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-v682-8vv8-vpwr
cvssv3.1 6.3 https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat
cvssv3.1 6.3 https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501
generic_textual MODERATE https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501
cvssv3.1 6.3 https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591
generic_textual MODERATE https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591
cvssv3.1 6.3 https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068
generic_textual MODERATE https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068
cvssv3.1 6.3 https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
generic_textual MODERATE https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
cvssv3.1 6.3 https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
generic_textual MODERATE https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
ssvc Track https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
cvssv3.1 6.3 https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
cvssv3.1 6.3 https://nvd.nist.gov/vuln/detail/CVE-2024-23672
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-23672
cvssv3.1 6.3 https://security.netapp.com/advisory/ntap-20240402-0002
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240402-0002
cvssv3.1 6.3 https://security.netapp.com/advisory/ntap-20240402-0002/
ssvc Track https://security.netapp.com/advisory/ntap-20240402-0002/
cvssv3.1 6.3 http://www.openwall.com/lists/oss-security/2024/03/13/4
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/03/13/4
ssvc Track http://www.openwall.com/lists/oss-security/2024/03/13/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23672.json
https://api.first.org/data/v1/epss?cve=CVE-2024-23672
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501
https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591
https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068
https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
https://nvd.nist.gov/vuln/detail/CVE-2024-23672
https://security.netapp.com/advisory/ntap-20240402-0002
http://www.openwall.com/lists/oss-security/2024/03/13/4
1066877 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066877
2269608 https://bugzilla.redhat.com/show_bug.cgi?id=2269608
3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
736G4GPZWS2DSQO5WKXO3G6OMZKFEK55 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-23672 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23672
GHSA-v682-8vv8-vpwr https://github.com/advisories/GHSA-v682-8vv8-vpwr
ntap-20240402-0002 https://security.netapp.com/advisory/ntap-20240402-0002/
RHSA-2024:1913 https://access.redhat.com/errata/RHSA-2024:1913
RHSA-2024:1914 https://access.redhat.com/errata/RHSA-2024:1914
RHSA-2024:1916 https://access.redhat.com/errata/RHSA-2024:1916
RHSA-2024:1917 https://access.redhat.com/errata/RHSA-2024:1917
RHSA-2024:3307 https://access.redhat.com/errata/RHSA-2024:3307
RHSA-2024:3308 https://access.redhat.com/errata/RHSA-2024:3308
RHSA-2024:3666 https://access.redhat.com/errata/RHSA-2024:3666
RHSA-2024:3814 https://access.redhat.com/errata/RHSA-2024:3814
USN-7106-1 https://usn.ubuntu.com/7106-1/
USN-7562-1 https://usn.ubuntu.com/7562-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23672.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/apache/tomcat/commit/b0e3b1bd78de270d53e319d7cb79eb282aa53cb9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-23672
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://security.netapp.com/advisory/ntap-20240402-0002
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://security.netapp.com/advisory/ntap-20240402-0002/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at https://security.netapp.com/advisory/ntap-20240402-0002/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://www.openwall.com/lists/oss-security/2024/03/13/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:10:26Z/ Found at http://www.openwall.com/lists/oss-security/2024/03/13/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.56359
EPSS Score 0.00342
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:03:16.394257+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-11.html 37.0.0