PT-2024-8693 · Apache+5 · Apache Tomcat+5

Mark Thomas

Published

2024-02-03

Updated

2025-08-20

CVE-2024-52317

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M23 through 11.0.0-M26 Apache Tomcat versions 10.1.27 through 10.1.30 Apache Tomcat versions 9.0.92 through 9.0.95

Description The issue is related to incorrect object re-cycling and re-use in Apache Tomcat, specifically affecting the recycling of requests and responses used by HTTP/2 requests. This could lead to a mix-up of requests and/or responses between users, potentially causing sensitive data leaks.

Recommendations For Apache Tomcat versions 11.0.0-M23 through 11.0.0-M26, upgrade to version 11.0.0 to fix the issue. For Apache Tomcat versions 10.1.27 through 10.1.30, upgrade to version 10.1.31 to fix the issue. For Apache Tomcat versions 9.0.92 through 9.0.95, upgrade to version 9.0.96 to fix the issue.

Exploit

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326CWE-391

Related Identifiers

ALT-PU-2025-1726

ALT-PU-2025-2379

BDU:2024-10291

BDU:2024-10295

BIT-TOMCAT-2024-52317

CVE-2024-52317

GHSA-QVF5-HVJX-WM27

OPENSUSE-SU-2025:14911-1

OPENSUSE-SU-2025:14915-1

OPENSUSE-SU-2025_0033-1

OPENSUSE-SU-2025_0058-1

SUSE-SU-2025:0033-1

SUSE-SU-2025:0058-1

USN-7705-1

Affected Products

Alt Linux

Apache Tomcat

Linuxmint

Red Os

Suse

Ubuntu

PT-2024-8693 · Apache+5 · Apache Tomcat+5

CVE-2024-52317

Weakness Enumeration

Related Identifiers

Affected Products

References · 78