PT-2024-5694
Tags: Apache, Apache Tomcat
Devme4F
Published: 2024-06-19
Updated: 2026-03-26
CVE-2024-34750
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 11.0.0-M1 through 11.0.0-M20
Apache Tomcat versions 10.1.0-M1 through 10.1.24
Apache Tomcat versions 9.0.0-M1 through 9.0.89
Description
The issue stems from improper handling of exceptional conditions and uncontrolled resource consumption in Apache Tomcat when processing an HTTP/2 stream. An error during stream processing could cause Tomcat to miscount the number of active HTTP/2 streams; because of the miscount, the server selected an incorrect infinite timeout for the connection, allowing connections that should have been closed to remain open and consume server resources. It is estimated that over 50,300 services are potentially affected.
Recommendations
To resolve the issue, upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, depending on the branch in use:
For versions 11.0.0-M1 through 11.0.0-M20, upgrade to version 11.0.0-M21.
For versions 10.1.0-M1 through 10.1.24, upgrade to version 10.1.25.
For versions 9.0.0-M1 through 9.0.89, upgrade to version 9.0.90.
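A small check that maps a deployed Tomcat version (for example the output of bin/version.sh in the Tomcat install) onto the affected ranges and fixed versions listed above. This is an added example, not code from the advisory or from the Tomcat project; the function name and the tuple-based ordering are this example's own choices.

```python
import re
from typing import Optional, Tuple

# Affected ranges and the fixed version for each branch, as stated in the advisory.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.0-M20", "11.0.0-M21"),
    ("10.1.0-M1", "10.1.24", "10.1.25"),
    ("9.0.0-M1", "9.0.89", "9.0.90"),
]

# Tomcat versions look like 9.0.89 or, for milestones, 11.0.0-M20.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn a Tomcat version string into a tuple that sorts correctly.

    A milestone (11.0.0-M20) precedes the final release of the same number
    (11.0.0), so the fourth element is 0 for milestones and 1 for releases;
    the fifth element is the milestone number (0 for releases).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the version to upgrade to if `version` is affected by
    CVE-2024-34750, or None if it falls outside every affected range."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return fixed
    return None


if __name__ == "__main__":
    # Constructed sample inventory: one entry per branch plus an unlisted one.
    for deployed in ("9.0.89", "10.1.0-M5", "11.0.0-M20", "11.0.0-M21", "8.5.100"):
        fixed = fixed_version_for(deployed)
        status = f"affected, upgrade to {fixed}" if fixed else "not in an affected range"
        print(f"{deployed:<12} {status}")
```

Versions the advisory does not list (such as the 8.5.x branch) come back as None, which means "not covered by this advisory", not "known safe".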
Weakness types
Improper Handling of Exceptional Conditions
Resource Exhaustion
Affected Products
ALT Linux
AlmaLinux
Apache Tomcat
Astra Linux
Bamboo
Bitbucket
CentOS
Confluence
Debian
Jira
Jira Service Management Server
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu