CVE-2024-52318
Aliases:GHSA-f632-9449-3j4wBIT-tomcat-2024-52318
Advisory lineage Upstream: 0 Downstream: 3
Analyzed
Published: 18 Nov 2024, 12:21
Last modified:31 Jan 2025, 15:02
Vulnerability Summary
Overall Risk (default)
medium
27/100 CVSS Score
6.1 MEDIUM
v3.1 (cve.org)
EPSS Score
15.47% MEDIUM
15% probability +3.47%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
18 Nov 2024, 12:21
Published
Vulnerability first disclosed
31 Jan 2025, 15:02
Last Modified
Vulnerability information updated
Description
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Trends
Current EPSS score: 15.47%• Percentile: 95%
Techniques & Countermeasures
- CWE-326•Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Affected Systems
- apache software foundation•apache tomcat
11.0.0 | 10.1.31 | 9.0.96
- Unknown•Tomcat
9.0.96 | 10.1.31 | 11.0.0
- org.apache.tomcat•tomcat-jasper
≥ 11.0.0, < 11.0.1 | ≥ 10.1.31, < 10.1.32 | ≥ 9.0.96, < 9.0.97
References (10)
- https://lists.apache.org/thread/co243cw1nlh6p521c5265cm839wkqdp9
- http://www.openwall.com/lists/oss-security/2024/11/18/4
- https://security.netapp.com/advisory/ntap-20250131-0009/
- https://nvd.nist.gov/vuln/detail/CVE-2024-52318
- https://github.com/apache/tomcat/commit/8d1fc4733a06d1a03b9d644c57010f2ec5f0df38
- https://github.com/apache/tomcat/commit/9813c5dd3259183f659bbb83312a5cf673cc1ebf
- https://github.com/apache/tomcat/commit/be8e32143a3159e78fe5463d09bb8e1b33bf2b1f
- https://bz.apache.org/bugzilla/show_bug.cgi?id=69333
- https://github.com/apache/tomcat
- https://security.netapp.com/advisory/ntap-20250131-0009