CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-34750

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.06202/1

CVE-2024-34750 is a vulnerability in Apache Tomcat relating to improper handling of exceptional conditions and uncontrolled resource consumption. Specifically, Tomcat fails to properly manage excessive HTTP headers in HTTP/2 streams. This leads to incorrect accounting of active streams and the use of an incorrect timeout, allowing connections that should be closed to remain open, potentially causing a denial-of-service. The vulnerability affects Apache Tomcat versions 11.0.0-M1 through 11.0.0-M20, 10.1.0-M1 through 10.1.24, and 9.0.0-M1 through 9.0.89. While the CVSS score is 0, the SVRS score is 30, suggesting a lower immediate risk, but administrators should still upgrade to versions 11.0.0-M21, 10.1.25, or 9.0.90 to mitigate the potential for resource exhaustion. This vulnerability is significant because it allows malicious actors to potentially overwhelm Tomcat servers by keeping connections open indefinitely, leading to service disruptions.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-07-03
LAST MODIFIED2024-07-09

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-34750 | Apache Tomcat up to 9.0.89/10.1.24/11.0.0-M20 HTTP/2 Stream exceptional condition (Nessus ID 212124)
vuldb.com2024-12-06
CVE-2024-34750 | Apache Tomcat up to 9.0.89/10.1.24/11.0.0-M20 HTTP/2 Stream exceptional condition (Nessus ID 212124) | A vulnerability was found in Apache Tomcat up to 9.0.89/10.1.24/11.0.0-M20. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP2 Stream Handler. The manipulation leads to handling of exceptional conditions. This vulnerability was named CVE-2024-34750. The attack can be initiated
vuldb.com
rss
forum
news
FOCUS FRIDAY: TPRM INSIGHTS ON POLYFILL SUPPLY CHAIN ATTACK AND MOVEit, CISCO NX-OS, OPENSSH, APACHE TOMCAT, PROGRESS’ WHATSUP GOLD, AND MICROSOFT MSHTML VULNERABILITIES
Ferdi Gül2024-07-12
FOCUS FRIDAY: TPRM INSIGHTS ON POLYFILL SUPPLY CHAIN ATTACK AND MOVEit, CISCO NX-OS, OPENSSH, APACHE TOMCAT, PROGRESS’ WHATSUP GOLD, AND MICROSOFT MSHTML VULNERABILITIES | Written By: Ferdi GulContributor: Ferhat Dikbiyik Welcome to this week&#8217;s Focus Friday blog, where we delve into critical vulnerabilities impacting today&#8217;s digital landscape from a Third-Party Risk Management (TPRM) perspective. In this edition, we explore significant threats associated with Progress’ MOVEit, Cisco NX-OS, OpenSSH, Apache Tomcat, Polyfill, Progress’ WhatsUp Gold, Microsoft MSHTML. Understanding these vulnerabilities [&#8230;] The post <a href
cve-2024-5806
cve-2024-29849
cve-2024-23692
cve-2024-4577
CVE-2024-34750 | Apache Tomcat up to 9.0.89/10.1.24/11.0.0-M20 HTTP/2 Stream exceptional condition
vuldb.com2024-07-03
CVE-2024-34750 | Apache Tomcat up to 9.0.89/10.1.24/11.0.0-M20 HTTP/2 Stream exceptional condition | A vulnerability was found in Apache Tomcat up to 9.0.89/10.1.24/11.0.0-M20. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP2 Stream Handler. The manipulation leads to handling of exceptional conditions. This vulnerability was named CVE-2024-34750. The attack can be initiated remotely. There is
cve-2024-34750
domains
urls
cves

Social Media

🚨 CVE-2024-34750: Apache Tomcat up to 11.0.0-M20 vulnerable to HTTP/2 Stream exceptional condition. Risk: Problematic. Upgrade Tomcat to mitigate. #InfoSec #PatchNow
0
0
0
Update spring boot for tomcat CVE-2024-34750 #java #springboot #tomcat https://t.co/0QBgwedMjL
0
0
0
CVE alert 🚨 The recently discovered and actively exploited CVE (CVE-2024-34750), has been integrated into Patrowl's scans. Our customers assets are protected. 🦉 #CyberSecurity #InfoSec #Patrowl #CVE
0
0
0
Apache Tomcat’ta Kritik DoS Açığı: Binlerce Sunucu Tehlikede (CVE-2024-34750) https://t.co/0Aao6zQZfk https://t.co/TDGGpN6Q6j
0
1
1
CVE-2024-34750 Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP he... https://t.co/fm18lC6sMT
0
0
0
CVE-2024-34750 Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle… https://t.co/uM4JCwxJdO
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l

CWE Details

CWE IDCWE NameDescription
CWE-755Improper Handling of Exceptional ConditionsThe software does not handle or incorrectly handles an exceptional condition.
CWE-400Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence