CVE Radar Logo
CVERadar

CVE-2024-52316

Severity: High
SVRS: 40/100
CVSSv3: NA/10
EPSS: 0.00737/1

CVE-2024-52316 is an authentication bypass in Apache Tomcat. It arises when Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext that throws an exception during authentication without setting an HTTP status to signal failure; authentication may then not fail, and the request can proceed without valid credentials. Apache's own advisory rates the severity low, while the CVSS v3.1 score recorded by NVD is 9.8; SOCRadar's Vulnerability Risk Score (SVRS) of 40 reflects a moderate level of risk once observed threat-landscape data is taken into account. No known Jakarta Authentication component behaves this way, so exploitation requires a custom or third-party component with this defect. Affected versions are Apache Tomcat 11.0.0-M1 through 11.0.0-M26, 10.1.0-M1 through 10.1.30, and 9.0.0-M1 through 9.0.95. Upgrade to 11.0.0, 10.1.31 or 9.0.96 (or later) to close the container-side gap, and review any custom ServerAuthContext so that every failure path sets an error status.

In The Wild
Vendor advisory: 2024-11-18
Last updated: 2025-01-24

SOCRadar AI Insight

Description

CVE-2024-52316 is an Unchecked Error Condition (CWE-391) vulnerability in Apache Tomcat 11.0.0-M1 through 11.0.0-M26, 10.1.0-M1 through 10.1.30, and 9.0.0-M1 through 9.0.95. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component, and that component throws an exception during authentication without explicitly setting an HTTP status to indicate failure, authentication may not fail, so a request without valid credentials can reach the protected resource.

NVD's CVSS v3.1 score is 9.8 (critical), whereas Apache's advisory rates the severity low because the defect is only reachable through a non-default, custom component. The SVRS of 40 sits between the two: SVRS also weighs threat-actor activity, exploit availability and other intelligence beyond the technical vector alone.

Key Insights

  • Uncommon Exploitation: The defect is only reachable when Tomcat is configured with a custom Jakarta Authentication ServerAuthContext whose failure handling throws without setting a status. No known component behaves this way, so a Tomcat that relies on its built-in authenticators rather than a custom JASPIC component is not exposed.
  • Impact Depends on the Protected Resource: A successful bypass lets a request reach whatever the JASPIC-protected security constraint was guarding; the vulnerability grants no privileges beyond that, so the consequence ranges from nothing to full access to sensitive data or administrative functions.
  • Potential for Future Abuse: Any third-party or in-house ServerAuthContext that reports failure only by throwing is an exploitable configuration on an unpatched Tomcat; whatever input makes the component throw (malformed credentials, for example) would get through without valid credentials.

Mitigation Strategies

  • Upgrade Tomcat: The most effective mitigation is to upgrade to Tomcat 11.0.0, 10.1.31 or 9.0.96 or later, which address the vulnerability on the container side regardless of how a custom component behaves.
  • Review Custom Jakarta Authentication Components: If you deploy a custom or third-party ServerAuthContext, check every non-success path in validateRequest(): it should set an error status on the response (401 or 403, as appropriate) and return AuthStatus.SEND_FAILURE, or set that status before throwing AuthException. Tomcat ships no component that behaves this way, so the review is confined to what you or a vendor added.
  • Security Monitoring and Auditing: Alert on requests to authentication-protected paths that are answered with a 2xx status but no authenticated remote user in the access log (the %u field is "-"), and on AuthException stack traces in catalina.out or the application log; either pattern suggests an authentication failure was swallowed.
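As an added example, not code from the Tomcat project or from this page, the following Java puts the defective pattern from the Description next to a fail-closed one and adds the kind of check the "Review Custom Jakarta Authentication Components" step calls for. It targets the `jakarta.*` API jars shipped with Tomcat 10.1 and 11 (for Tomcat 9, substitute `javax.security.auth.message.*` and `javax.servlet.*`). `ThrowingAuthContext` reports failure only by throwing `AuthException`, leaving the response status at 200. `FailClosedAuthContext` sets 401 or 403 on every non-success path before returning `SEND_FAILURE` or rethrowing. `failsClosed()` drives a context with an unauthenticated request through recording `java.lang.reflect.Proxy` stand-ins for the servlet request and response and reports whether an error status was left behind. The class and method names, the in-memory credential map and the no-op `CallbackHandler` are constructed for the demo; a real module validates credentials against a realm and receives its handler from the container.

```java
import java.lang.reflect.Proxy;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import jakarta.security.auth.message.AuthException;
import jakarta.security.auth.message.AuthStatus;
import jakarta.security.auth.message.MessageInfo;
import jakarta.security.auth.message.callback.CallerPrincipalCallback;
import jakarta.security.auth.message.config.ServerAuthContext;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/** Added example: the failure pattern behind CVE-2024-52316 beside a fail-closed ServerAuthContext, plus a review check. */
public class JaspicFailClosedCheck {
    /** Defective pattern: failure is signalled only by throwing; the response status is never set. */
    static final class ThrowingAuthContext implements ServerAuthContext {
        @Override public AuthStatus validateRequest(MessageInfo mi, Subject client, Subject service) throws AuthException {
            if (((HttpServletRequest) mi.getRequestMessage()).getHeader("Authorization") == null) {
                throw new AuthException("missing credentials"); // the response status is still 200 at this point
            }
            return AuthStatus.SUCCESS;
        }
        @Override public AuthStatus secureResponse(MessageInfo mi, Subject service) { return AuthStatus.SEND_SUCCESS; }
        @Override public void cleanSubject(MessageInfo mi, Subject subject) { }
    }

    /** Fail-closed pattern: every non-success path sets an error status before returning or throwing. */
    static final class FailClosedAuthContext implements ServerAuthContext {
        private final CallbackHandler handler;    // normally handed to the module by the container
        private final Map<String, String> users;  // constructed credential store for the demo; a real module asks a realm
        FailClosedAuthContext(CallbackHandler handler, Map<String, String> users) { this.handler = handler; this.users = users; }
        @Override public AuthStatus validateRequest(MessageInfo mi, Subject client, Subject service) throws AuthException {
            HttpServletRequest req = (HttpServletRequest) mi.getRequestMessage();
            HttpServletResponse resp = (HttpServletResponse) mi.getResponseMessage();
            try {
                String user = basicUser(req.getHeader("Authorization"));
                if (user == null) {
                    resp.setHeader("WWW-Authenticate", "Basic realm=\"demo\"");
                    resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);   // failure is visible on the wire ...
                    return AuthStatus.SEND_FAILURE;                        // ... and in the return value
                }
                handler.handle(new Callback[] { new CallerPrincipalCallback(client, user) });
                return AuthStatus.SUCCESS;
            } catch (Exception e) {
                // Unexpected error (bad Base64, handler failure, ...): record the failure on the response before propagating it.
                if (!resp.isCommitted() && resp.getStatus() < 400) resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
                throw (AuthException) new AuthException(e.toString()).initCause(e);
            }
        }
        // User name when the Basic credential matches the demo store, null otherwise.
        private String basicUser(String header) {
            if (header == null || !header.startsWith("Basic ")) return null;
            String[] parts = new String(Base64.getDecoder().decode(header.substring(6)), StandardCharsets.UTF_8).split(":", 2);
            return parts.length == 2 && parts[1].equals(users.get(parts[0])) ? parts[0] : null;
        }
        @Override public AuthStatus secureResponse(MessageInfo mi, Subject service) { return AuthStatus.SEND_SUCCESS; }
        @Override public void cleanSubject(MessageInfo mi, Subject subject) { }
    }

    /** Review check: drive the context with an unauthenticated request and report whether an error status was left behind. */
    static boolean failsClosed(ServerAuthContext ctx) {
        AtomicInteger status = new AtomicInteger(200);
        HttpServletRequest req = (HttpServletRequest) Proxy.newProxyInstance(HttpServletRequest.class.getClassLoader(),
                new Class<?>[] { HttpServletRequest.class }, (p, m, a) -> defaultFor(m.getReturnType()));
        HttpServletResponse resp = (HttpServletResponse) Proxy.newProxyInstance(HttpServletResponse.class.getClassLoader(),
                new Class<?>[] { HttpServletResponse.class }, (p, m, a) -> {
                    switch (m.getName()) {
                        case "setStatus": case "sendError": status.set((Integer) a[0]); return null;
                        case "getStatus": return status.get();
                        case "isCommitted": return Boolean.FALSE;
                        default: return defaultFor(m.getReturnType());
                    }
                });
        MessageInfo mi = new MessageInfo() {
            @Override public Object getRequestMessage() { return req; }
            @Override public Object getResponseMessage() { return resp; }
            @Override public void setRequestMessage(Object o) { }
            @Override public void setResponseMessage(Object o) { }
            @Override @SuppressWarnings("rawtypes") public Map getMap() { return new HashMap(); }
        };
        try {
            if (ctx.validateRequest(mi, new Subject(), null) == AuthStatus.SUCCESS) return false; // no credentials must never succeed
        } catch (AuthException e) {
            // Failing by exception is allowed by the API; what matters is whether a status was set first.
        }
        return status.get() >= 400;
    }

    // Return value for proxied servlet methods not modelled above; covers the primitive return types this check can hit.
    private static Object defaultFor(Class<?> t) {
        return t == boolean.class ? Boolean.FALSE : t == int.class ? (Object) 0 : t == long.class ? (Object) 0L : null;
    }

    public static void main(String[] args) {
        System.out.println("ThrowingAuthContext fails closed:   " + failsClosed(new ThrowingAuthContext()));
        System.out.println("FailClosedAuthContext fails closed: " + failsClosed(new FailClosedAuthContext(cb -> { }, Map.of("alice", "s3cret"))));
    }
}
```

Run it with the Jakarta Authentication and Servlet API jars on the classpath: `failsClosed()` returns false for `ThrowingAuthContext` (the exception left the status at 200) and true for `FailClosedAuthContext` (the missing credential produced a 401). The same method can be pointed at any `ServerAuthContext` you ship, and it is a useful unit test to keep in place even after upgrading Tomcat, since a component that fails open by design is wrong on every container.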

Additional Information

There are no known reports of active exploitation in the wild, and no specific threat actors or APT groups are known to be exploiting this vulnerability; it is still worth tracking developments. SOCRadar's SVRS indicates a moderate level of urgency, and proactive mitigation is advisable.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

  • fortiguard.com, 2025-04-03: 1.834 | Newly Added (4): Apache Tomcat CVE-2024-56337 Vulnerability; Apache Tomcat CVE-2024-52316 Vulnerability; Apache Tomcat CVE-2024-50379 Vulnerability; Security Vulnerabilities fixed in Zoom Desktop Client 6.3.0
  • allhackernews.com (Ajit Jasrotia), 2025-02-24: ⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma. Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection. Let these stories spark your interest and help you understand the changing […]
  • vuldb.com, 2025-01-25: CVE-2024-52316 | Apache Tomcat up to 9.0.95/10.1.30/11.0.0-M26 ServerAuthContext Component error condition (Nessus ID 211506). A vulnerability has been found in Apache Tomcat up to 9.0.95/10.1.30/11.0.0-M26 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ServerAuthContext Component. The manipulation leads to unchecked error condition. This vulnerability is known as CVE-2024-52316. The attack can be
  • allhackernews.com (Ajit Jasrotia), 2024-12-09: ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 – 8). This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies […]
  • seclists.org, 2024-11-18: CVE-2024-52316: Apache Tomcat: Authentication bypass when using Jakarta Authentication API. Posted by Mark Thomas on Nov 18. Severity: low. Affected versions: Apache Tomcat 11.0.0-M1 through 11.0.0-M26; Apache Tomcat 10.1.0-M1 through 10.1.30; Apache Tomcat 9.0.0-M1 through 9.0.95. Description: Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly

Social Media

  • "Trio of Apache Tomcat Flaws Disclosed: Authentication Bypass, HTTP/2 Request Mix-Up, and XSS Flaw Stay informed about the latest #Apache #Tomcat vulnerabilities, including CVE-2024-52316. Learn how to protect your web applications from potential attacks. https://t.co/VOl3hgUn9W"
  • "CVE-2024-52316 Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component… https://t.co/rwVyPZuwQV"

Affected Software

No affected software found for this CVE

References

  • SECURITY@APACHE.ORG: https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
  • AF854A3A-2127-422B-91AE-364DA2661108: http://www.openwall.com/lists/oss-security/2024/11/18/2
  • AF854A3A-2127-422B-91AE-364DA2661108: https://security.netapp.com/advisory/ntap-20250124-0003/

CWE Details

CWE ID: CWE-391
CWE Name: Unchecked Error Condition
Description: [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
