Search for vulnerabilities
Vulnerability details: VCID-u6f8-n1an-87hz
Vulnerability ID VCID-u6f8-n1an-87hz
Aliases CVE-2024-38286
GHSA-7jqf-v358-p8g7
Summary Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-400 Uncontrolled Resource Consumption
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
epss 0.01356 https://api.first.org/data/v1/epss?cve=CVE-2024-38286
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-7jqf-v358-p8g7
cvssv3.1 8.6 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
cvssv3.1 8.6 https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
generic_textual HIGH https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
cvssv3.1 8.6 https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
generic_textual HIGH https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
cvssv3.1 8.6 https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
generic_textual HIGH https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
cvssv3.1 8.6 https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
generic_textual HIGH https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
ssvc Track https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-38286
cvssv3.1 8.6 https://nvd.nist.gov/vuln/detail/CVE-2024-38286
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-38286
cvssv3.1 8.6 https://security.netapp.com/advisory/ntap-20241101-0010
generic_textual HIGH https://security.netapp.com/advisory/ntap-20241101-0010
cvssv3.1 8.6 http://www.openwall.com/lists/oss-security/2024/09/23/2
generic_textual HIGH http://www.openwall.com/lists/oss-security/2024/09/23/2
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json
https://api.first.org/data/v1/epss?cve=CVE-2024-38286
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
https://nvd.nist.gov/vuln/detail/CVE-2024-38286
https://security.netapp.com/advisory/ntap-20241101-0010
https://security.netapp.com/advisory/ntap-20241101-0010/
http://www.openwall.com/lists/oss-security/2024/09/23/2
2314686 https://bugzilla.redhat.com/show_bug.cgi?id=2314686
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*
CVE-2024-38286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286
GHSA-7jqf-v358-p8g7 https://github.com/advisories/GHSA-7jqf-v358-p8g7
RHSA-2024:4976 https://access.redhat.com/errata/RHSA-2024:4976
RHSA-2024:4977 https://access.redhat.com/errata/RHSA-2024:4977
RHSA-2024:5024 https://access.redhat.com/errata/RHSA-2024:5024
RHSA-2024:5025 https://access.redhat.com/errata/RHSA-2024:5025
RHSA-2024:5693 https://access.redhat.com/errata/RHSA-2024:5693
RHSA-2024:5694 https://access.redhat.com/errata/RHSA-2024:5694
RHSA-2024:5695 https://access.redhat.com/errata/RHSA-2024:5695
RHSA-2024:5696 https://access.redhat.com/errata/RHSA-2024:5696
RHSA-2024:8494 https://access.redhat.com/errata/RHSA-2024:8494
RHSA-2024:8497 https://access.redhat.com/errata/RHSA-2024:8497
RHSA-2024:8528 https://access.redhat.com/errata/RHSA-2024:8528
RHSA-2024:8543 https://access.redhat.com/errata/RHSA-2024:8543
RHSA-2024:8567 https://access.redhat.com/errata/RHSA-2024:8567
RHSA-2024:8572 https://access.redhat.com/errata/RHSA-2024:8572
USN-7562-1 https://usn.ubuntu.com/7562-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:33:49Z/ Found at https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-38286
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-38286
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20241101-0010
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/09/23/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.74157
EPSS Score 0.00863
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:03:16.367868+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-11.html 37.0.0