CVE-2024-23672: Apache Tomcat: WebSocket DoS with incomplete closing handshake

CVE-2024-23672: Apache Tomcat: WebSocket DoS with incomplete closing handshake

Open Source Security [[{„value“:“

Posted by Mark Thomas on Mar 13

Severity: important

Affected versions:

– Apache Tomcat 11.0.0-M1 through 11.0.0-M16
– Apache Tomcat 10.1.0-M1 through 10.1.18
– Apache Tomcat 9.0.0-M1 through 9.0.85
– Apache Tomcat 8.5.0 through 8.5.98

Description:

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat.
It was possible for WebSocket clients to keep WebSocket connections open
leading to increased resource consumption.This issue affects Apache
Tomcat: from…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert