CVERadar

CVE-2024-52317

Medium Severity

SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.006/1

CVE-2024-52317 is a critical vulnerability in Apache Tomcat affecting versions 11.0.0-M23 to 11.0.0-M26, 10.1.27 to 10.1.30, and 9.0.92 to 9.0.95. The flaw arises from incorrect recycling of the HTTP/2 request and response objects, which can cause data belonging to one user to be mixed into another user's request or response. With an SVRS score of 30 it is not immediately critical, but it requires monitoring and prompt patching, because request/response contamination can leak sensitive information between users. Upgrade to 11.0.0-M27, 10.1.31, or 9.0.96 to remove the possibility of unintended data exposure. Although the CVSS score is 0, indicating no direct exploitability, the 'In The Wild' tag suggests awareness of the flaw, making patching a high priority. Addressing this object re-use issue is crucial to ensure data integrity and application security for Apache Tomcat users.

Tags: In The Wild, Vendor-advisory
2024-11-18
2025-01-24

SOCRadar AI Insight

Description

CVE-2024-52317 is a vulnerability in Apache Tomcat that arises from incorrect object recycling and reuse in the handling of HTTP/2 requests. This vulnerability could lead to a request and/or response mix-up between different users, potentially exposing sensitive information or causing other security issues. The CVSS score for this vulnerability is 6.5, indicating a medium severity level. However, the SOCRadar Vulnerability Risk Score (SVRS) is 52, which is considered moderate, highlighting the potential for significant real-world impact.

Key Insights

  • HTTP/2 Protocol Exploitation: The vulnerability stems from a weakness in Apache Tomcat's implementation of the HTTP/2 protocol. Because request and response objects are recycled incorrectly, an attacker could potentially influence the request and response handling process to gain unauthorized access to, or intercept, sensitive data.
  • Potential for Data Breaches: The mix-up of requests and responses can compromise data confidentiality. An attacker could potentially access data intended for another user, leading to unauthorized access or data breaches.
  • In The Wild: This vulnerability is actively being exploited in the wild, indicating that attackers are actively developing and deploying exploits to target vulnerable systems.
  • Wide Impact: This vulnerability affects multiple versions of Apache Tomcat, including widely used versions such as 11.0.0-M23 through 11.0.0-M26, 10.1.27 through 10.1.30, and 9.0.92 through 9.0.95. This means a large number of systems could be vulnerable.

Mitigation Strategies

  • Upgrade Apache Tomcat: Immediately upgrade to the latest versions of Apache Tomcat (11.0.0, 10.1.31, or 9.0.96), which address this vulnerability.
  • Disable HTTP/2: As a temporary mitigation strategy, disable HTTP/2 support in Apache Tomcat, although this may impact performance.
  • Implement Strong Access Controls: Enforce strong access controls and user authentication mechanisms to minimize the impact of potential data breaches.
  • Regular Security Monitoring: Maintain regular security monitoring and threat intelligence feeds to detect any suspicious activity related to this vulnerability.
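To turn the affected-version ranges above into a repeatable inventory check, here is an added example (my own code, not part of this page or of the Tomcat project) that orders Tomcat release strings correctly, including pre-GA milestones such as 11.0.0-M26, and reports the first fixed release for any version inside an affected range. The `Server version:` line it parses is the format printed by Tomcat's `bin/version.sh`; the sample output in the block is constructed.

```python
import re
from typing import Optional, Tuple

# Affected ranges (inclusive) and the first fixed release per branch, as listed on this page.
AFFECTED_RANGES = [
    ("11.0.0-M23", "11.0.0-M26", "11.0.0-M27"),
    ("10.1.27", "10.1.30", "10.1.31"),
    ("9.0.92", "9.0.95", "9.0.96"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '9.0.95' or '11.0.0-M26' into a sortable key.

    Milestones must sort before the GA release of the same number, so the
    fourth field is 0 for a milestone and 1 for GA, and the fifth field is
    the milestone number: 11.0.0-M26 < 11.0.0-M27 < 11.0.0.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def affected_by_cve_2024_52317(version: str) -> Optional[str]:
    """Return the first fixed release if `version` falls in an affected range, else None."""
    key = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= key <= parse_version(high):
            return fixed
    return None


def version_from_version_sh(output: str) -> str:
    """Extract the release from bin/version.sh output ('Server version: Apache Tomcat/9.0.95')."""
    m = re.search(r"Server version:\s*Apache Tomcat/(\S+)", output)
    if not m:
        raise ValueError("no 'Server version' line found")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample; on a real host feed in the output of bin/version.sh instead.
    sample = "Server version: Apache Tomcat/9.0.95\nServer number:  9.0.95.0\n"
    running = version_from_version_sh(sample)
    fixed = affected_by_cve_2024_52317(running)
    print(f"{running}: {'affected, upgrade to ' + fixed if fixed else 'not in an affected range'}")
```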


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-52317 | Apache Tomcat up to 9.0.95/10.1.30/11.0.0-M26 HTTP/2 Request inadequate encryption (Nessus ID 211506)
vuldb.com, 2025-01-25
A vulnerability was found in Apache Tomcat up to 9.0.95/10.1.30/11.0.0-M26. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP2 Request Handler. The manipulation leads to inadequate encryption strength. This vulnerability was named CVE-2024-52317. The attack can be initiated remotely

CVE-2024-52317: Apache Tomcat: Request/response mix-up with HTTP/2
seclists.org, 2024-11-18
Posted by Mark Thomas on Nov 18
Severity: important
Affected versions:
  - Apache Tomcat 11.0.0-M23 through 11.0.0-M26
  - Apache Tomcat 10.1.27 through 10.1.30
  - Apache Tomcat 9.0.92 through 9.0.95
Description: Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

  • Apache security (CNA): https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs
  • http://www.openwall.com/lists/oss-security/2024/11/18/3
  • https://security.netapp.com/advisory/ntap-20250124-0004/

CWE Details

CWE-326 (Inadequate Encryption Strength): The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
