Incomplete Cleanup
CVE-2024-23672
Summary
An incomplete cleanup vulnerability in Apache Tomcat allows Denial of Service. WebSocket clients could keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: tomcat-embed-core, tomcat-embed-websocket and tomcat-websocket versions 8.5.0 through 8.5.98, 9.0.0-M1 through 9.0.85, 10.1.0-M1 through 10.1.18 and 11.0.0-M1 through 11.0.0-M16, and tomcat7-websocket versions 7.0.47 through 7.0.109.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-459 - Incomplete Cleanup
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.