Alert

Alert 2024-40 Critical Vulnerability in Apache Tomcat DoS CVE-2024-38286

Affected Product(s):

  • Apache Tomcat 9.0.13 – 9.0.89
  • Apache Tomcat 10.1.0 M1 – 10.1.24
  • Apache Tomcat 11.0.0 M1 – 11.0.0 M20

Description:

A critical vulnerability has been discovered in Apache Tomcat, affecting the 9.0.x, 10.1.x and 11.0.x branches through versions 9.0.89, 10.1.24 and 11.0.0-M20 respectively (see the affected ranges above). This vulnerability, identified as CVE-2024-38286, lies in the TLS Handshake Handler component and allows excessive resource consumption. The issue, classified under CWE-400 (Resource Exhaustion), arises from improper management of limited resources during the TLS handshake process; under certain conditions this can lead to memory exhaustion and impact service availability (denial of service).
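As an added example that is not part of this alert, the following Python checks a Tomcat version string (as printed by `bin/version.sh` or returned in the server banner) against the affected ranges listed above, treating milestone builds (M1, M2, ...) as sorting before the GA release of the same number so that 11.0.0-M21 and 11.0.0 GA fall outside the 11.0.0-M1 to 11.0.0-M20 range. The inventory at the bottom is constructed sample data.

```python
import re

# Inclusive affected ranges exactly as listed in Alert 2024-40 (CVE-2024-38286).
AFFECTED_RANGES = [
    ("9.0.13", "9.0.89"),
    ("10.1.0-M1", "10.1.24"),
    ("11.0.0-M1", "11.0.0-M20"),
]

# Accepts "9.0.89", "11.0.0-M20", "10.1.0 M1" and "Apache Tomcat/9.0.89".
_VER = re.compile(r"(?:Apache Tomcat/)?(\d+)\.(\d+)\.(\d+)(?:[-\s]?M(\d+))?")


def parse_version(text):
    """Return a sortable tuple (major, minor, patch, is_ga, milestone).

    A milestone M<n> yields (..., 0, n) and a GA release (..., 1, 0), so every
    milestone of x.y.z sorts before the x.y.z GA build.
    """
    m = _VER.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, ms = m.groups()
    if ms is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(ms))


def is_affected(version):
    """True if the version lies inside any affected range of this alert."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def affected_hosts(inventory):
    """Return the sorted host names whose Tomcat build is in an affected range."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host -> reported Tomcat version).
SAMPLE_INVENTORY = {
    "web-01": "Apache Tomcat/9.0.89",   # last affected 9.0.x build
    "web-02": "9.0.12",                 # below the 9.0.13 lower bound
    "api-01": "10.1.0 M1",              # first affected 10.1.x milestone
    "api-02": "10.1.25",                # above the 10.1.24 upper bound
    "lab-01": "11.0.0-M21",             # milestone after M20
    "lab-02": "11.0.0",                 # GA sorts after every 11.0.0 milestone
}

if __name__ == "__main__":
    print("Affected hosts:", affected_hosts(SAMPLE_INVENTORY))
```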