July 22nd, 2024 12:08

CVE-2024-34750 - Apache Tomcat is prone to a denial of service (DoS)

Hello,

After installing WMS 4.4, our Greenbone scanner told us there is a security issue in the internal Apache of WMS 4.4.

Summary

Apache Tomcat is prone to a denial of service (DoS) vulnerability.

Detection Result

Installed version:        10.1.20
Fixed version:            10.1.25
Installation path / port: 443/tcp

Product Detection Result

Product
cpe:/a:apache:tomcat:10.1.20
Method
Apache Tomcat Detection Consolidation (1.3.6.1.4.1.25623.1.0.107652)

Insight

When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.

Detection Method

Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat DoS Vulnerability (Jul 2024) - Windows OID: 1.3.6.1.4.1.25623.1.0.152544
Version used:
2024-07-04T09:23:28+02:00

Affected Software/OS

Apache Tomcat versions 9.0.0-M1 through 9.0.89, 10.1.0-M1 through 10.1.24 and 11.0.0-M1 through 11.0.0-M20.

Solution

Solution Type:
Vendorfix
Update to version 9.0.90, 10.1.25, 11.0.0-M21 or later.

References

CVE
CVE: CVE-2024-34750
CERT
dfn-cert: DFN-CERT-2024-1723
cert-bund: WID-SEC-2024-1522
Other
url: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l

A fix is not available on the Download Portal.

Talked to Support 1 minute ago; they told me that installing 4.3 will fix my problem, and I only have limited support because of the standard licence.

Don't think an older version will fix the CVE.

Do you have any Information about a Security Patch for 4.4?

Regards
Marc
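As an added example (not code from Greenbone, Dell or the original poster), the following reproduces the check the scanner describes: it compares a reported Tomcat version against the affected ranges quoted in the advisory above, taking care that milestone builds such as 10.1.0-M1 sort before the final 10.1.0 release. The function names and the `cpe:/a:apache:tomcat:` prefix handling are assumptions for illustration.

```python
"""Version-range check for CVE-2024-34750 against the advisory's affected ranges."""
import re
from typing import Optional, Tuple

# Ranges from the advisory: (first affected, last affected, first fixed release).
AFFECTED_RANGES = [
    ("9.0.0-M1", "9.0.89", "9.0.90"),
    ("10.1.0-M1", "10.1.24", "10.1.25"),
    ("11.0.0-M1", "11.0.0-M20", "11.0.0-M21"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '10.1.0-M1' into a sortable tuple.

    Milestones (-Mn) are pre-releases, so they must sort before the final
    release with the same x.y.z: 10.1.0-M1 < 10.1.0-M20 < 10.1.0 < 10.1.1.
    The fourth element is 0 for a milestone and 1 for a final release.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release if `version` is affected, else None."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return fixed
    return None


def assess_cpe(cpe: str) -> str:
    """Assess a 'cpe:/a:apache:tomcat:<version>' string as the scanner reports it."""
    prefix = "cpe:/a:apache:tomcat:"  # assumed CPE layout, matches the report above
    if not cpe.startswith(prefix):
        raise ValueError("not an Apache Tomcat CPE")
    version = cpe[len(prefix):]
    fixed = fixed_version_for(version)
    if fixed is None:
        return f"{version}: not in an affected range"
    return f"{version}: VULNERABLE to CVE-2024-34750, update to {fixed} or later"


if __name__ == "__main__":
    print(assess_cpe("cpe:/a:apache:tomcat:10.1.20"))  # version from the report
```

A pure version comparison cannot see vendor backports, so a product that bundles Tomcat (as WMS does) only clears the finding once the bundled version string itself moves past the fixed release.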


August 12th, 2024 18:29

Vulnerability was also flagged by our scanners as well. Updated to the latest available version 4.4, but it did not clear the vulnerability. Really need a security patch for this, the older version 4.3 does not fix the issue as that was the version we were on when it was flagged.
