PT-2024-9743 · Apache+7 · Apache Tomcat+7

Agostino Sarubbo · Published 2024-12-09 · Updated 2026-03-26 · CVE-2024-54677

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 11.0.0-M1 through 11.0.1
Apache Tomcat versions 10.1.0-M1 through 10.1.33
Apache Tomcat versions 9.0.0.M1 through 9.0.97

Description

An uncontrolled resource consumption vulnerability in the examples web application provided with Apache Tomcat can lead to a denial of service. A remote attacker can exploit it to cause a service disruption.

Recommendations

For Apache Tomcat versions 11.0.0-M1 through 11.0.1, upgrade to version 11.0.2.
For Apache Tomcat versions 10.1.0-M1 through 10.1.33, upgrade to version 10.1.34.
For Apache Tomcat versions 9.0.0.M1 through 9.0.97, upgrade to version 9.0.98.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2025:7497
ALT-PU-2025-13307
ALT-PU-2025-1726
ALT-PU-2025-2379
BDU:2024-11479
BIT-TOMCAT-2024-54677
CVE-2024-54677
DLA-4244-1
DSA-5845-1
GHSA-653P-VG55-5652
MGASA-2024-0394
OESA-2024-2564
OPENSUSE-SU-2025:14622-1
OPENSUSE-SU-2025:14623-1
OPENSUSE-SU-2025_0033-1
OPENSUSE-SU-2025_0058-1
RHSA-2025:3608
RHSA-2025:7497
SUSE-SU-2025:0033-1
SUSE-SU-2025:0058-1
SUSE-SU-2025:0394-1
SUSE-SU-2025_0394-1
SUSE-SU-2026:1058-1
USN-7705-1

Affected Products

Alt Linux
Apache Tomcat
Astra Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu