6.1

CVE-2024-52318

Apache Tomcat: Incorrect JSP tag recycling leads to XSS

Incorrect object recycling and reuse vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.

Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version9.0.96
ApacheTomcat Version10.1.31
ApacheTomcat Version11.0.0 Update-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.68% 0.739
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://lists.apache.org/thread/co243cw1nlh6p521c5265cm839wkqdp9
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/18/4
Mailing List
https://security.netapp.com/advisory/ntap-20250131-0009/
Third Party Advisory