[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-54677":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":87,"duplicate_of":9,"upstream":90,"downstream":91,"duplicates":118,"related":119,"reserved_at":9,"published_at":127,"modified_at":128,"state":129,"summary":130,"references_raw":139,"kevs":284,"epss":285,"epss_history":288,"metrics":548,"affected":561},"CVE-2024-54677","Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[88,89],"GHSA-653p-vg55-5652","BIT-tomcat-2024-54677",[],[92,94,96,98,100,102,104,106,108,110,112,114,116],{"_key":93},"SUSE-SU-2025:0394-1",{"_key":95},"SUSE-SU-2025:0033-1",{"_key":97},"SUSE-SU-2025:0058-1",{"_key":99},"OPENSUSE-SU-2025:14622-1",{"_key":101},"OPENSUSE-SU-2025:14623-1",{"_key":103},"DLA-4244-1",{"_key":105},"DSA-5845-1",{"_key":107},"SUSE-SU-2026:1058-1",{"_key":109},"MGASA-2024-0394",{"_key":111},"USN-7705-1",{"_key":113},"DEBIAN-CVE-2024-54677",{"_key":115},"RHSA-2025:7497",{"_key":117},"UBUNTU-CVE-2024-54677",[],[120,121,122,123,124,125,126],{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":101},{"_key":107},{"_key":109},"2024-12-17T12:35:50.948Z","2025-11-03T19:32:11.848Z","Modified",{"cisa_kev":131,"cisa_ransomware":131,"cisa_vendor":9,"epss_severity":132,"epss_score":133,"severity":134,"severity_score":135,"severity_version":136,"severity_source":137,"severity_vector":138,"severity_status":129},false,"low",0.01228,"medium",5.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",[140,149,153,157,161,166,170,175,179,183,187,191,195,199,203,207,211,215,219,223,227,231,235,239,243,247,251,255,259,263,267,271,275,279],{"url":141,"sources":142,"tags":145},"https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n",[137,143,144],"nvd","osv_maven",[146,147,148],"Vendor Advisory","Mailing List","WEB",{"url":150,"sources":151,"tags":152},"http://www.openwall.com/lists/oss-security/2024/12/17/5",[137,143,144],[147,148],{"url":154,"sources":155,"tags":156},"http://www.openwall.com/lists/oss-security/2024/12/17/6",[137,143,144],[147,148],{"url":158,"sources":159,"tags":160},"http://www.openwall.com/lists/oss-security/2024/12/18/1",[137,143,144],[147,148],{"url":162,"sources":163,"tags":164},"https://security.netapp.com/advisory/ntap-20250131-0006/",[137,143],[165],"Third Party Advisory",{"url":167,"sources":168,"tags":169},"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html",[137,143,144],[148],{"url":171,"sources":172,"tags":173},"https://nvd.nist.gov/vuln/detail/CVE-2024-54677",[144],[174],"Advisory",{"url":176,"sources":177,"tags":178},"https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4",[144],[148],{"url":180,"sources":181,"tags":182},"https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585",[144],[148],{"url":184,"sources":185,"tags":186},"https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444",[144],[148],{"url":188,"sources":189,"tags":190},"https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb",[144],[148],{"url":192,"sources":193,"tags":194},"https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213",[144],[148],{"url":196,"sources":197,"tags":198},"https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044",[144],[148],{"url":200,"sources":201,"tags":202},"https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a",[144],[148],{"url":204,"sources":205,"tags":206},"https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66",[144],[148],{"url":208,"sources":209,"tags":210},"https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1",[144],[148],{"url":212,"sources":213,"tags":214},"https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a",[144],[148],{"url":216,"sources":217,"tags":218},"https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533",[144],[148],{"url":220,"sources":221,"tags":222},"https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e",[144],[148],{"url":224,"sources":225,"tags":226},"https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654",[144],[148],{"url":228,"sources":229,"tags":230},"https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc",[144],[148],{"url":232,"sources":233,"tags":234},"https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1",[144],[148],{"url":236,"sources":237,"tags":238},"https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c",[144],[148],{"url":240,"sources":241,"tags":242},"https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd",[144],[148],{"url":244,"sources":245,"tags":246},"https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746",[144],[148],{"url":248,"sources":249,"tags":250},"https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a",[144],[148],{"url":252,"sources":253,"tags":254},"https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4",[144],[148],{"url":256,"sources":257,"tags":258},"https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d",[144],[148],{"url":260,"sources":261,"tags":262},"https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd",[144],[148],{"url":264,"sources":265,"tags":266},"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34",[144],[148],{"url":268,"sources":269,"tags":270},"https://security.netapp.com/advisory/ntap-20250131-0006",[144],[148],{"url":272,"sources":273,"tags":274},"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2",[144],[148],{"url":276,"sources":277,"tags":278},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98",[144],[148],{"url":280,"sources":281,"tags":282},"https://github.com/apache/tomcat",[144],[283],"PACKAGE",[],{"date":286,"score":133,"percentile":287},"2026-06-04",0.79487,[289,293,296,298,301,304,307,310,312,315,318,321,323,326,329,333,336,339,342,345,348,350,353,355,357,359,362,365,369,372,374,377,380,383,385,387,389,392,395,398,401,404,407,410,413,416,419,421,424,426,429,432,435,437,440,443,446,448,451,454,457,460,463,466,469,472,475,478,481,484,486,489,491,494,498,501,505,508,511,514,517,520,523,526,530,533,535,538,541,544],{"date":290,"score":291,"percentile":292},"2025-11-04",0.07124,0.91137,{"date":294,"score":291,"percentile":295},"2025-11-05",0.91135,{"date":297,"score":291,"percentile":292},"2025-11-06",{"date":299,"score":291,"percentile":300},"2025-11-07",0.91144,{"date":302,"score":291,"percentile":303},"2025-11-08",0.91142,{"date":305,"score":291,"percentile":306},"2025-11-09",0.91139,{"date":308,"score":291,"percentile":309},"2025-11-10",0.9114,{"date":311,"score":291,"percentile":300},"2025-11-11",{"date":313,"score":291,"percentile":314},"2025-11-12",0.91147,{"date":316,"score":291,"percentile":317},"2025-11-13",0.9115,{"date":319,"score":291,"percentile":320},"2025-11-14",0.91152,{"date":322,"score":291,"percentile":317},"2025-11-15",{"date":324,"score":291,"percentile":325},"2025-11-16",0.91156,{"date":327,"score":291,"percentile":328},"2025-11-17",0.91154,{"date":330,"score":331,"percentile":332},"2025-11-18",0.05907,0.89679,{"date":334,"score":331,"percentile":335},"2025-11-19",0.89683,{"date":337,"score":331,"percentile":338},"2025-11-20",0.89686,{"date":340,"score":291,"percentile":341},"2025-11-21",0.91165,{"date":343,"score":291,"percentile":344},"2025-11-22",0.91166,{"date":346,"score":291,"percentile":347},"2025-11-23",0.9117,{"date":349,"score":291,"percentile":347},"2025-11-24",{"date":351,"score":291,"percentile":352},"2025-11-25",0.91171,{"date":354,"score":291,"percentile":347},"2025-11-26",{"date":356,"score":291,"percentile":352},"2025-11-27",{"date":358,"score":291,"percentile":341},"2025-11-28",{"date":360,"score":291,"percentile":361},"2025-11-29",0.91193,{"date":363,"score":291,"percentile":364},"2025-11-30",0.91192,{"date":366,"score":367,"percentile":368},"2025-12-01",0.04648,0.88939,{"date":370,"score":367,"percentile":371},"2025-12-02",0.88942,{"date":373,"score":367,"percentile":368},"2025-12-03",{"date":375,"score":291,"percentile":376},"2025-12-04",0.91187,{"date":378,"score":291,"percentile":379},"2025-12-05",0.91189,{"date":381,"score":291,"percentile":382},"2025-12-06",0.9119,{"date":384,"score":291,"percentile":376},"2025-12-07",{"date":386,"score":291,"percentile":379},"2025-12-08",{"date":388,"score":291,"percentile":361},"2025-12-09",{"date":390,"score":291,"percentile":391},"2025-12-10",0.91199,{"date":393,"score":291,"percentile":394},"2025-12-11",0.91205,{"date":396,"score":291,"percentile":397},"2025-12-12",0.91207,{"date":399,"score":291,"percentile":400},"2025-12-13",0.91196,{"date":402,"score":291,"percentile":403},"2025-12-14",0.91194,{"date":405,"score":291,"percentile":406},"2025-12-15",0.91198,{"date":408,"score":291,"percentile":409},"2025-12-16",0.91206,{"date":411,"score":291,"percentile":412},"2025-12-17",0.91215,{"date":414,"score":291,"percentile":415},"2025-12-18",0.91218,{"date":417,"score":291,"percentile":418},"2025-12-19",0.9122,{"date":420,"score":291,"percentile":418},"2025-12-20",{"date":422,"score":291,"percentile":423},"2025-12-21",0.91222,{"date":425,"score":291,"percentile":415},"2025-12-22",{"date":427,"score":291,"percentile":428},"2025-12-23",0.91228,{"date":430,"score":291,"percentile":431},"2025-12-24",0.91235,{"date":433,"score":291,"percentile":434},"2025-12-25",0.91236,{"date":436,"score":291,"percentile":431},"2025-12-26",{"date":438,"score":291,"percentile":439},"2025-12-27",0.91277,{"date":441,"score":291,"percentile":442},"2025-12-28",0.91234,{"date":444,"score":291,"percentile":445},"2025-12-29",0.91232,{"date":447,"score":291,"percentile":434},"2025-12-30",{"date":449,"score":291,"percentile":450},"2025-12-31",0.91245,{"date":452,"score":367,"percentile":453},"2026-01-01",0.89023,{"date":455,"score":367,"percentile":456},"2026-01-02",0.89017,{"date":458,"score":367,"percentile":459},"2026-01-03",0.89014,{"date":461,"score":291,"percentile":462},"2026-01-04",0.91259,{"date":464,"score":291,"percentile":465},"2026-01-05",0.91258,{"date":467,"score":291,"percentile":468},"2026-01-06",0.91262,{"date":470,"score":291,"percentile":471},"2026-01-07",0.91263,{"date":473,"score":291,"percentile":474},"2026-01-08",0.91265,{"date":476,"score":291,"percentile":477},"2026-01-09",0.9127,{"date":479,"score":291,"percentile":480},"2026-01-10",0.91274,{"date":482,"score":291,"percentile":483},"2026-01-11",0.91266,{"date":485,"score":291,"percentile":483},"2026-01-12",{"date":487,"score":291,"percentile":488},"2026-01-13",0.91264,{"date":490,"score":291,"percentile":439},"2026-01-14",{"date":492,"score":291,"percentile":493},"2026-01-15",0.91282,{"date":495,"score":496,"percentile":497},"2026-01-16",0.0937,0.92536,{"date":499,"score":496,"percentile":500},"2026-01-17",0.92538,{"date":502,"score":503,"percentile":504},"2026-01-18",0.07813,0.91711,{"date":506,"score":503,"percentile":507},"2026-01-19",0.91715,{"date":509,"score":503,"percentile":510},"2026-01-20",0.91717,{"date":512,"score":496,"percentile":513},"2026-01-21",0.92539,{"date":515,"score":496,"percentile":516},"2026-01-22",0.92542,{"date":518,"score":496,"percentile":519},"2026-01-23",0.92548,{"date":521,"score":496,"percentile":522},"2026-01-24",0.92556,{"date":524,"score":133,"percentile":525},"2026-01-25",0.78767,{"date":527,"score":528,"percentile":529},"2026-01-26",0.01262,0.79027,{"date":531,"score":528,"percentile":532},"2026-01-27",0.79026,{"date":534,"score":528,"percentile":529},"2026-01-28",{"date":536,"score":528,"percentile":537},"2026-01-29",0.79022,{"date":539,"score":528,"percentile":540},"2026-01-30",0.79025,{"date":542,"score":528,"percentile":543},"2026-01-31",0.79029,{"date":545,"score":546,"percentile":547},"2026-02-01",0.00753,0.72857,[549,554,556],{"source":137,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":550,"cvss_v4_0":9},{"baseScore":135,"baseSeverity":551,"vectorString":138,"impactScore":552,"exploitabilityScore":553},"MEDIUM",2.3,10,{"source":143,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":555,"cvss_v4_0":9},{"baseScore":135,"baseSeverity":551,"vectorString":138,"impactScore":552,"exploitabilityScore":553},{"source":144,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":557,"cvss_v4_0":558},{"baseScore":135,"baseSeverity":9,"vectorString":138,"impactScore":552,"exploitabilityScore":553},{"baseScore":559,"baseSeverity":9,"vectorString":560,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",[562,586,603,617,626],{"ecosystem":9,"name":563,"vendor":564,"product":565,"cpe_part":566,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":567},"Apache Tomcat","apache software foundation","apache tomcat","a",[568,574,578,582],{"version":569,"is_range":570,"range_type":137,"version_start":571,"version_start_type":572,"version_end":573,"version_end_type":572,"fixed_in":9},">= 11.0.0-M1, \u003C= 11.0.1",true,"11.0.0-M1","including","11.0.1",{"version":575,"is_range":570,"range_type":137,"version_start":576,"version_start_type":572,"version_end":577,"version_end_type":572,"fixed_in":9},">= 10.1.0-M1, \u003C= 10.1.33","10.1.0-M1","10.1.33",{"version":579,"is_range":570,"range_type":137,"version_start":580,"version_start_type":572,"version_end":581,"version_end_type":572,"fixed_in":9},">= 9.0.0.M1, \u003C= 9.0.97","9.0.0.M1","9.0.97",{"version":583,"is_range":570,"range_type":137,"version_start":584,"version_start_type":572,"version_end":585,"version_end_type":572,"fixed_in":9},">= 8.5.0, \u003C= 8.5.100","8.5.0","8.5.100",{"ecosystem":9,"name":587,"vendor":9,"product":587,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":588},"Tomcat",[589,595,599],{"version":590,"is_range":570,"range_type":591,"version_start":592,"version_start_type":572,"version_end":593,"version_end_type":594,"fixed_in":9},"gte9.0.0_lt9.0.98","cpe","9.0.0","9.0.98","excluding",{"version":596,"is_range":570,"range_type":591,"version_start":597,"version_start_type":572,"version_end":598,"version_end_type":594,"fixed_in":9},"gte10.1.0_lt10.1.34","10.1.0","10.1.34",{"version":600,"is_range":570,"range_type":591,"version_start":601,"version_start_type":572,"version_end":602,"version_end_type":594,"fixed_in":9},"gte11.0.0_lt11.0.2","11.0.0","11.0.2",{"ecosystem":604,"name":605,"vendor":606,"product":607,"cpe_part":9,"purl_type":608,"purl_namespace":606,"purl_name":607,"source":9,"versions":609},"Maven","org.apache.tomcat:tomcat","org.apache.tomcat","tomcat","maven",[610,613,615],{"version":611,"is_range":570,"range_type":612,"version_start":571,"version_start_type":572,"version_end":602,"version_end_type":594,"fixed_in":9},"gte11_0_0_M1_lt11_0_2","ecosystem",{"version":614,"is_range":570,"range_type":612,"version_start":576,"version_start_type":572,"version_end":598,"version_end_type":594,"fixed_in":9},"gte10_1_0_M1_lt10_1_34",{"version":616,"is_range":570,"range_type":612,"version_start":580,"version_start_type":572,"version_end":593,"version_end_type":594,"fixed_in":9},"gte9_0_0_M1_lt9_0_98",{"ecosystem":604,"name":618,"vendor":606,"product":619,"cpe_part":9,"purl_type":608,"purl_namespace":606,"purl_name":619,"source":9,"versions":620},"org.apache.tomcat:tomcat-catalina","tomcat-catalina",[621,622,623,624],{"version":611,"is_range":570,"range_type":612,"version_start":571,"version_start_type":572,"version_end":602,"version_end_type":594,"fixed_in":9},{"version":614,"is_range":570,"range_type":612,"version_start":576,"version_start_type":572,"version_end":598,"version_end_type":594,"fixed_in":9},{"version":616,"is_range":570,"range_type":612,"version_start":580,"version_start_type":572,"version_end":593,"version_end_type":594,"fixed_in":9},{"version":625,"is_range":570,"range_type":612,"version_start":584,"version_start_type":572,"version_end":585,"version_end_type":572,"fixed_in":9},"gte8_5_0_lte8_5_100",{"ecosystem":9,"name":627,"vendor":628,"product":629,"cpe_part":630,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":631},"bootstrap os","netapp","bootstrap_os","o",[632],{"version":633,"is_range":131,"range_type":591,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na"]