5.3

CVE-2024-54677

Apache Tomcat: DoS in examples web application

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.
The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions 
may also be affected.


Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version >= 9.0.0 < 9.0.98
ApacheTomcat Version >= 10.1.0 < 10.1.34
ApacheTomcat Version >= 11.0.0 < 11.0.2
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.91% 0.772
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n
Vendor Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2024/12/17/5
Mailing List
http://www.openwall.com/lists/oss-security/2024/12/17/6
Mailing List
http://www.openwall.com/lists/oss-security/2024/12/18/1
Mailing List
https://security.netapp.com/advisory/ntap-20250131-0006/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html