Author: markt
Date: Mon Sep 23 12:53:20 2024
New Revision: 1920861

URL: http://svn.apache.org/viewvc?rev=1920861&view=rev
Log:
Add CVE-2024-38286

Modified:
    tomcat/site/trunk/docs/security-10.html
    tomcat/site/trunk/docs/security-11.html
    tomcat/site/trunk/docs/security-9.html
    tomcat/site/trunk/xdocs/security-10.xml
    tomcat/site/trunk/xdocs/security-11.xml
    tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-10.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-10.html (original)
+++ tomcat/site/trunk/docs/security-10.html Mon Sep 23 12:53:20 2024
@@ -62,6 +62,20 @@
 
     <p>Affects: 10.1.0-M1 to 10.1.24</p>
 
+    <p><strong>Important: Denial of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286"; 
rel="nofollow">CVE-2024-38286</a></p>
+
+    <p>Tomcat, under certain configurations on any platform, allows an attacker
+       to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+    <p>This was fixed with commit
+       <a 
href="https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543";>3344c17c</a>.</p>
+
+    <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+       issue was made public on 23 September 2024.</p>
+
+    <p>Affects: 10.1.0-M1 to 10.1.24</p>
+
   </div><h3 id="Fixed_in_Apache_Tomcat_10.1.19"><span 
class="pull-right">2024-02-19</span> Fixed in Apache Tomcat 10.1.19</h3><div 
class="text">
   
     <p><strong>Important: Denial of Service</strong>
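
Review bot: The CVE link in the added `<a href=...>` line uses plain `http://cve.mitre.org/...`; a security advisory page should link over `https://`. This HTML appears to be generated from the `<cve>` element in the matching xdocs file (an assumption based on the paired hunks in this commit), so the scheme is best changed where that element is expanded rather than by hand in this file.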

Modified: tomcat/site/trunk/docs/security-11.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-11.html?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-11.html (original)
+++ tomcat/site/trunk/docs/security-11.html Mon Sep 23 12:53:20 2024
@@ -56,6 +56,20 @@
 
     <p>Affects: 11.0.0-M1 to 11.0.0-M20</p>
 
+    <p><strong>Important: Denial of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286"; 
rel="nofollow">CVE-2024-38286</a></p>
+
+    <p>Tomcat, under certain configurations on any platform, allows an attacker
+       to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+    <p>This was fixed with commit
+       <a 
href="https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93";>31978626</a>.</p>
+
+    <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+       issue was made public on 23 September 2024.</p>
+
+    <p>Affects: 11.0.0-M1 to 11.0.0-M20</p>
+
   </div><h3 id="Fixed_in_Apache_Tomcat_11.0.0-M17"><span 
class="pull-right">2024-02-19</span> Fixed in Apache Tomcat 11.0.0-M17</h3><div 
class="text">
   
     <p><strong>Important: Denial of Service</strong>

Modified: tomcat/site/trunk/docs/security-9.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Mon Sep 23 12:53:20 2024
@@ -56,6 +56,20 @@
 
     <p>Affects: 9.0.0-M1 to 9.0.89</p>
 
+    <p><strong>Important: Denial of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286"; 
rel="nofollow">CVE-2024-38286</a></p>
+
+    <p>Tomcat, under certain configurations on any platform, allows an attacker
+       to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+    <p>This was fixed with commit
+       <a 
href="https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13";>76c5cce6</a>.</p>
+
+    <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+       issue was made public on 23 September 2024.</p>
+
+    <p>Affects: 9.0.13 to 9.0.89</p>
+
   </div><h3 id="Fixed_in_Apache_Tomcat_9.0.86"><span 
class="pull-right">2024-02-19</span> Fixed in Apache Tomcat 9.0.86</h3><div 
class="text">
   
     <p><strong>Important: Denial of Service</strong>

Modified: tomcat/site/trunk/xdocs/security-10.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-10.xml?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-10.xml (original)
+++ tomcat/site/trunk/xdocs/security-10.xml Mon Sep 23 12:53:20 2024
@@ -75,6 +75,20 @@
 
     <p>Affects: 10.1.0-M1 to 10.1.24</p>
 
+    <p><strong>Important: Denial of Service</strong>
+       <cve>CVE-2024-38286</cve></p>
+
+    <p>Tomcat, under certain configurations on any platform, allows an attacker
+       to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+    <p>This was fixed with commit
+       <hashlink hash="3344c17cef094da4bb616f4186ed32039627b543"/>.</p>
+
+    <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+       issue was made public on 23 September 2024.</p>
+
+    <p>Affects: 10.1.0-M1 to 10.1.24</p>
+
   </section>
 
   <section name="Fixed in Apache Tomcat 10.1.19" rtext="2024-02-19">
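
Review bot: "under certain configurations" in the added description paragraph does not tell an operator whether their deployment is exposed. Name the connector or TLS setting that has to be in use, or link to where that is documented, so readers running 10.1.0-M1 to 10.1.24 can triage without reading commit 3344c17c.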

Modified: tomcat/site/trunk/xdocs/security-11.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-11.xml?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-11.xml (original)
+++ tomcat/site/trunk/xdocs/security-11.xml Mon Sep 23 12:53:20 2024
@@ -69,6 +69,20 @@
 
     <p>Affects: 11.0.0-M1 to 11.0.0-M20</p>
 
+    <p><strong>Important: Denial of Service</strong>
+       <cve>CVE-2024-38286</cve></p>
+
+    <p>Tomcat, under certain configurations on any platform, allows an attacker
+       to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+    <p>This was fixed with commit
+       <hashlink hash="3197862639732e16ec1164557bcd289ebc116c93"/>.</p>
+
+    <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+       issue was made public on 23 September 2024.</p>
+
+    <p>Affects: 11.0.0-M1 to 11.0.0-M20</p>
+
   </section>
 
   <section name="Fixed in Apache Tomcat 11.0.0-M17" rtext="2024-02-19">

Modified: tomcat/site/trunk/xdocs/security-9.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Mon Sep 23 12:53:20 2024
@@ -69,6 +69,20 @@
 
     <p>Affects: 9.0.0-M1 to 9.0.89</p>
 
+    <p><strong>Important: Denial of Service</strong>
+       <cve>CVE-2024-38286</cve></p>
+
+    <p>Tomcat, under certain configurations on any platform, allows an attacker
+       to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+    <p>This was fixed with commit
+       <hashlink hash="76c5cce6f0bcef14b0c21c38910371ca7d322d13"/>.</p>
+
+    <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+       issue was made public on 23 September 2024.</p>
+
+    <p>Affects: 9.0.13 to 9.0.89</p>
+
   </section>
 
   <section name="Fixed in Apache Tomcat 9.0.86" rtext="2024-02-19">
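
Review bot: The lower bound in the added `Affects: 9.0.13 to 9.0.89` line differs from the preceding entry in the context lines (`9.0.0-M1 to 9.0.89`) and from the 10.1.x and 11.0.x entries in this commit, which both start at the first milestone. If 9.0.13 is intended, a short clause saying why earlier 9.0.x releases are not affected would keep readers from taking it for a typo.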
