Vulnerability details: VCID-s526-jddr-jqd1
Vulnerability ID VCID-s526-jddr-jqd1
Aliases CVE-2024-38286
GHSA-7jqf-v358-p8g7
Summary Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.00535 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.00646 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.00693 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01795 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-7jqf-v358-p8g7
cvssv3.1 8.6 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
cvssv3.1 8.6 https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
generic_textual HIGH https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
cvssv3.1 8.6 https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
generic_textual HIGH https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
cvssv3.1 8.6 https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
generic_textual HIGH https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
cvssv3.1 8.6 https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
generic_textual HIGH https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
ssvc Track https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-38286
cvssv3.1 8.6 https://nvd.nist.gov/vuln/detail/CVE-2024-38286
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-38286
cvssv3.1 8.6 https://security.netapp.com/advisory/ntap-20241101-0010
generic_textual HIGH https://security.netapp.com/advisory/ntap-20241101-0010
cvssv3.1 8.6 http://www.openwall.com/lists/oss-security/2024/09/23/2
generic_textual HIGH http://www.openwall.com/lists/oss-security/2024/09/23/2
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json
https://api.first.org/data/v1/epss?cve=CVE-2024-38286
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
https://nvd.nist.gov/vuln/detail/CVE-2024-38286
https://security.netapp.com/advisory/ntap-20241101-0010
https://security.netapp.com/advisory/ntap-20241101-0010/
http://www.openwall.com/lists/oss-security/2024/09/23/2
2314686 https://bugzilla.redhat.com/show_bug.cgi?id=2314686
CVE-2024-38286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286
GHSA-7jqf-v358-p8g7 https://github.com/advisories/GHSA-7jqf-v358-p8g7
RHSA-2024:4976 https://access.redhat.com/errata/RHSA-2024:4976
RHSA-2024:4977 https://access.redhat.com/errata/RHSA-2024:4977
RHSA-2024:5024 https://access.redhat.com/errata/RHSA-2024:5024
RHSA-2024:5025 https://access.redhat.com/errata/RHSA-2024:5025
RHSA-2024:5693 https://access.redhat.com/errata/RHSA-2024:5693
RHSA-2024:5694 https://access.redhat.com/errata/RHSA-2024:5694
RHSA-2024:5695 https://access.redhat.com/errata/RHSA-2024:5695
RHSA-2024:5696 https://access.redhat.com/errata/RHSA-2024:5696
RHSA-2024:8494 https://access.redhat.com/errata/RHSA-2024:8494
RHSA-2024:8497 https://access.redhat.com/errata/RHSA-2024:8497
RHSA-2024:8528 https://access.redhat.com/errata/RHSA-2024:8528
RHSA-2024:8543 https://access.redhat.com/errata/RHSA-2024:8543
RHSA-2024:8567 https://access.redhat.com/errata/RHSA-2024:8567
RHSA-2024:8572 https://access.redhat.com/errata/RHSA-2024:8572
USN-7562-1 https://usn.ubuntu.com/7562-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:33:49Z/ Found at https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-38286
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-38286
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20241101-0010
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/09/23/2
Exploit Prediction Scoring System (EPSS)
Percentile 0.10184
EPSS Score 0.00043
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-23T14:31:01.242699+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-11.html 34.0.1