VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-yktk-48uz-aaac

Essentials
Severities (95)
References (48)
Severity details (24)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-yktk-48uz-aaac
Aliases	CVE-2024-34750 GHSA-wm9w-rjj3-j356
Summary	Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-400	Uncontrolled Resource Consumption
CWE-755	Improper Handling of Exceptional Conditions
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34750.json
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.02612	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.03297	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.05757	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.05757	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.05757	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.06202	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.06202	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.06202	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.06202	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.06202	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.06202	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.06202	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.07188	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.0929	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.0929	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.0929	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.17068	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.19663	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.19663	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.19663	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.19663	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.19663	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.19663	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.19663	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.19663	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.21158	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.21158	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.21158	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.21158	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.21158	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.21158	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
epss	0.69996	https://api.first.org/data/v1/epss?cve=CVE-2024-34750
apache_tomcat	Important	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-wm9w-rjj3-j356
cvssv3.1	7.5	https://github.com/apache/tomcat
generic_textual	HIGH	https://github.com/apache/tomcat
cvssv3.1	7.5	https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2
generic_textual	HIGH	https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2
cvssv3.1	7.5	https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3
generic_textual	HIGH	https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3
cvssv3.1	7.5	https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f
generic_textual	HIGH	https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f
cvssv3.1	7.5	https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
generic_textual	HIGH	https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-34750
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2024-34750
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20240816-0004
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20240816-0004
cvssv3.1	7.5	https://tomcat.apache.org/security-10.html
generic_textual	HIGH	https://tomcat.apache.org/security-10.html
cvssv3.1	7.5	https://tomcat.apache.org/security-11.html
generic_textual	HIGH	https://tomcat.apache.org/security-11.html
cvssv3.1	7.5	https://tomcat.apache.org/security-9.html
generic_textual	HIGH	https://tomcat.apache.org/security-9.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34750.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-34750
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2
		https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3
		https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f
		https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
		https://security.netapp.com/advisory/ntap-20240816-0004
		https://security.netapp.com/advisory/ntap-20240816-0004/
		https://tomcat.apache.org/security-10.html
		https://tomcat.apache.org/security-11.html
		https://tomcat.apache.org/security-9.html
2295651		https://bugzilla.redhat.com/show_bug.cgi?id=2295651
cpe:2.3:a:apache:tomcat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat::::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone10::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone11::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone12::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone13::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone14::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone14::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone15::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone15::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone16::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone16::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone17::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone17::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone18::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone18::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone19::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone19::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone20::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone20::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone8::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9::::::
cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere::
CVE-2024-34750		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750
CVE-2024-34750		https://nvd.nist.gov/vuln/detail/CVE-2024-34750
GHSA-wm9w-rjj3-j356		https://github.com/advisories/GHSA-wm9w-rjj3-j356
RHSA-2024:4976		https://access.redhat.com/errata/RHSA-2024:4976
RHSA-2024:4977		https://access.redhat.com/errata/RHSA-2024:4977
RHSA-2024:5024		https://access.redhat.com/errata/RHSA-2024:5024
RHSA-2024:5025		https://access.redhat.com/errata/RHSA-2024:5025
RHSA-2024:5693		https://access.redhat.com/errata/RHSA-2024:5693
RHSA-2024:5694		https://access.redhat.com/errata/RHSA-2024:5694
RHSA-2024:5695		https://access.redhat.com/errata/RHSA-2024:5695
RHSA-2024:5696		https://access.redhat.com/errata/RHSA-2024:5696
USN-7562-1		https://usn.ubuntu.com/7562-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34750.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-34750

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240816-0004

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-10.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-11.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-9.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.09902
EPSS Score	0.00043
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-07-03T20:06:44.695019+00:00	Apache Tomcat Importer	Import	https://tomcat.apache.org/security-11.html	34.0.0rc4

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34750.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-34750
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2
		https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3
		https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f
		https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
		https://security.netapp.com/advisory/ntap-20240816-0004
		https://security.netapp.com/advisory/ntap-20240816-0004/
		https://tomcat.apache.org/security-10.html
		https://tomcat.apache.org/security-11.html
		https://tomcat.apache.org/security-9.html
2295651		https://bugzilla.redhat.com/show_bug.cgi?id=2295651
cpe:2.3:a:apache:tomcat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat::::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone10::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone11::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone12::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone13::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone14::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone14::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone15::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone15::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone16::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone16::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone17::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone17::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone18::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone18::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone19::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone19::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone20::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone20::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone8::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9::::::
cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere::
CVE-2024-34750		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750
CVE-2024-34750		https://nvd.nist.gov/vuln/detail/CVE-2024-34750
GHSA-wm9w-rjj3-j356		https://github.com/advisories/GHSA-wm9w-rjj3-j356
RHSA-2024:4976		https://access.redhat.com/errata/RHSA-2024:4976
RHSA-2024:4977		https://access.redhat.com/errata/RHSA-2024:4977
RHSA-2024:5024		https://access.redhat.com/errata/RHSA-2024:5024
RHSA-2024:5025		https://access.redhat.com/errata/RHSA-2024:5025
RHSA-2024:5693		https://access.redhat.com/errata/RHSA-2024:5693
RHSA-2024:5694		https://access.redhat.com/errata/RHSA-2024:5694
RHSA-2024:5695		https://access.redhat.com/errata/RHSA-2024:5695
RHSA-2024:5696		https://access.redhat.com/errata/RHSA-2024:5696
USN-7562-1		https://usn.ubuntu.com/7562-1/