CVE-2024-23672

EUVD-2024-1010

13.03.2024, 16:15

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	8.5.0 ≤ 𝑥 < 8.5.99
apache	tomcat	9.0.0 ≤ 𝑥 < 9.0.86
apache	tomcat	10.1.0 ≤ 𝑥 < 10.1.19
apache	tomcat	11.0.0:milestone1
apache	tomcat	11.0.0:milestone10
apache	tomcat	11.0.0:milestone11
apache	tomcat	11.0.0:milestone12
apache	tomcat	11.0.0:milestone13
apache	tomcat	11.0.0:milestone14
apache	tomcat	11.0.0:milestone15
apache	tomcat	11.0.0:milestone16
apache	tomcat	11.0.0:milestone2
apache	tomcat	11.0.0:milestone3
apache	tomcat	11.0.0:milestone4
apache	tomcat	11.0.0:milestone5
apache	tomcat	11.0.0:milestone6
apache	tomcat	11.0.0:milestone7
apache	tomcat	11.0.0:milestone8
apache	tomcat	11.0.0:milestone9
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat10

bookworm	10.1.34-0+deb12u2 fixed
bookworm (security)	10.1.34-0+deb12u2 fixed
forky	10.1.46-1 fixed
sid	10.1.46-1 fixed
trixie	10.1.40-1 fixed

tomcat9

bookworm	9.0.70-2 fixed
bullseye	9.0.43-2~deb11u10 fixed
bullseye (security)	9.0.107-0+deb11u1 fixed
forky	9.0.111-1 fixed
sid	9.0.111-1 fixed
trixie	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat6

focal	dne
jammy	dne
mantic	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
trusty	not-affected
xenial	not-affected

tomcat7

bionic	needs-triage
focal	dne
jammy	dne
mantic	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
trusty	needs-triage
xenial	needs-triage

tomcat8

bionic	Fixed 8.5.39-1ubuntu1~18.04.3+esm5 released
focal	dne
jammy	dne
mantic	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
xenial	needs-triage

tomcat9

bionic	Fixed 9.0.16-3ubuntu0.18.04.2+esm4 released
focal	Fixed 9.0.31-1ubuntu0.8 released
jammy	Fixed 9.0.58-1ubuntu0.1+esm4 released
mantic	ignored
noble	Fixed 9.0.70-2ubuntu0.1+esm2 released
oracular	Fixed 9.0.70-2ubuntu1.24.10.2 released
plucky	Fixed 9.0.70-2ubuntu1.25.04.2 released
questing	Fixed 9.0.70-2ubuntu3 released

tomcat10

focal	dne
jammy	dne
mantic	ignored
noble	Fixed 10.1.16-1ubuntu0.1~esm2 released
oracular	not-affected
plucky	not-affected
questing	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

apache-commons-daemon

suse enterprise sap 15 SP2	1.3.4-150200.11.14.1 fixed
suse enterprise sap 15 SP3	1.3.4-150200.11.14.1 fixed
suse enterprise sap 15 SP4	1.3.4-150200.11.14.1 fixed
suse enterprise sap 15 SP5	1.3.4-150200.11.14.1 fixed
suse enterprise sap 15 SP6	1.3.4-150200.11.14.1 fixed
suse enterprise sap 15 SP7	1.3.4-150200.11.14.1 fixed
suse enterprise server 15 SP2	1.3.4-150200.11.14.1 fixed
suse enterprise server 15 SP3	1.3.4-150200.11.14.1 fixed
suse enterprise server 15 SP4	1.3.4-150200.11.14.1 fixed
suse enterprise server 15 SP5	1.3.4-150200.11.14.1 fixed
suse enterprise server 15 SP6	1.3.4-150200.11.14.1 fixed
suse enterprise server 15 SP7	1.3.4-150200.11.14.1 fixed

apache-commons-dbcp

suse enterprise sap 15 SP2	2.1.1-150200.10.8.1 fixed
suse enterprise sap 15 SP3	2.1.1-150200.10.8.1 fixed
suse enterprise sap 15 SP4	2.1.1-150200.10.8.1 fixed
suse enterprise sap 15 SP5	2.1.1-150200.10.8.1 fixed
suse enterprise sap 15 SP6	2.1.1-150200.10.8.1 fixed
suse enterprise sap 15 SP7	2.1.1-150200.10.8.1 fixed
suse enterprise server 15 SP2	2.1.1-150200.10.8.1 fixed
suse enterprise server 15 SP3	2.1.1-150200.10.8.1 fixed
suse enterprise server 15 SP4	2.1.1-150200.10.8.1 fixed
suse enterprise server 15 SP5	2.1.1-150200.10.8.1 fixed
suse enterprise server 15 SP6	2.1.1-150200.10.8.1 fixed
suse enterprise server 15 SP7	2.1.1-150200.10.8.1 fixed

apache-commons-pool2

suse enterprise sap 15 SP2	2.4.2-150200.11.8.1 fixed
suse enterprise sap 15 SP3	2.4.2-150200.11.8.1 fixed
suse enterprise sap 15 SP4	2.4.2-150200.11.8.1 fixed
suse enterprise sap 15 SP5	2.4.2-150200.11.8.1 fixed
suse enterprise sap 15 SP6	2.4.2-150200.11.8.1 fixed
suse enterprise sap 15 SP7	2.4.2-150200.11.8.1 fixed
suse enterprise server 15 SP2	2.4.2-150200.11.8.1 fixed
suse enterprise server 15 SP3	2.4.2-150200.11.8.1 fixed
suse enterprise server 15 SP4	2.4.2-150200.11.8.1 fixed
suse enterprise server 15 SP5	2.4.2-150200.11.8.1 fixed
suse enterprise server 15 SP6	2.4.2-150200.11.8.1 fixed
suse enterprise server 15 SP7	2.4.2-150200.11.8.1 fixed

geronimo-annotation-1_0-api

suse enterprise desktop 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise desktop 15 SP6	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP2	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP3	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP4	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP6	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP2	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP3	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP4	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP6	1.2-150200.15.8.1 fixed

geronimo-jms-1_1-api

suse enterprise desktop 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP2	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP3	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP4	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP2	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP3	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP4	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP5	1.2-150200.15.8.1 fixed

geronimo-jta-1_1-api

suse enterprise sap 15 SP2	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP3	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP4	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP6	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP7	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP2	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP3	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP4	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP6	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP7	1.2-150200.15.8.1 fixed

geronimo-stax-1_0-api

suse enterprise desktop 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise desktop 15 SP6	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP2	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP3	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP4	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise sap 15 SP6	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP2	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP3	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP4	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP5	1.2-150200.15.8.1 fixed
suse enterprise server 15 SP6	1.2-150200.15.8.1 fixed

jakarta-taglibs-standard

suse enterprise sap 15 SP2	1.1.1-150000.4.10.1 fixed
suse enterprise sap 15 SP3	1.1.1-150000.4.10.1 fixed
suse enterprise sap 15 SP4	1.1.1-150000.4.10.1 fixed
suse enterprise sap 15 SP5	1.1.1-150000.4.10.1 fixed
suse enterprise sap 15 SP6	1.1.1-150000.4.10.1 fixed
suse enterprise sap 15 SP7	1.1.1-150000.4.10.1 fixed
suse enterprise server 15 SP2	1.1.1-150000.4.10.1 fixed
suse enterprise server 15 SP3	1.1.1-150000.4.10.1 fixed
suse enterprise server 15 SP4	1.1.1-150000.4.10.1 fixed
suse enterprise server 15 SP5	1.1.1-150000.4.10.1 fixed
suse enterprise server 15 SP6	1.1.1-150000.4.10.1 fixed
suse enterprise server 15 SP7	1.1.1-150000.4.10.1 fixed

tomcat

suse enterprise sap 12 SP5	9.0.36-3.124.1 fixed
suse enterprise sap 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP7	9.0.87-150200.65.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP7	9.0.87-150200.65.1 fixed

tomcat-admin-webapps

suse enterprise sap 12 SP5	9.0.36-3.124.1 fixed
suse enterprise sap 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP7	9.0.87-150200.65.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP7	9.0.87-150200.65.1 fixed

tomcat-docs-webapp

suse enterprise sap 12 SP5	9.0.36-3.124.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed

tomcat-el-3_0-api

suse enterprise sap 12 SP5	9.0.36-3.124.1 fixed
suse enterprise sap 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP7	9.0.87-150200.65.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP7	9.0.87-150200.65.1 fixed

tomcat-javadoc

suse enterprise sap 12 SP5	9.0.36-3.124.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed

tomcat-jsp-2_3-api

suse enterprise sap 12 SP5	9.0.36-3.124.1 fixed
suse enterprise sap 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP7	9.0.87-150200.65.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP7	9.0.87-150200.65.1 fixed

tomcat-lib

suse enterprise sap 12 SP5	9.0.36-3.124.1 fixed
suse enterprise sap 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP7	9.0.87-150200.65.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP7	9.0.87-150200.65.1 fixed

tomcat-servlet-4_0-api

suse enterprise sap 12 SP5	9.0.36-3.124.1 fixed
suse enterprise sap 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP7	9.0.87-150200.65.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP7	9.0.87-150200.65.1 fixed

tomcat-webapps

suse enterprise sap 12 SP5	9.0.36-3.124.1 fixed
suse enterprise sap 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise sap 15 SP7	9.0.87-150200.65.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP3	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP4	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP5	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP6	9.0.87-150200.65.1 fixed
suse enterprise server 15 SP7	9.0.87-150200.65.1 fixed

tomcat10

suse enterprise sap 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP7	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP7	10.1.20-150200.5.22.2 fixed

tomcat10-admin-webapps

suse enterprise sap 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP7	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP7	10.1.20-150200.5.22.2 fixed

tomcat10-el-5_0-api

suse enterprise sap 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP7	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP7	10.1.20-150200.5.22.2 fixed

tomcat10-jsp-3_1-api

suse enterprise sap 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP7	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP7	10.1.20-150200.5.22.2 fixed

tomcat10-lib

suse enterprise sap 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP7	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP7	10.1.20-150200.5.22.2 fixed

tomcat10-servlet-6_0-api

suse enterprise sap 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP7	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP7	10.1.20-150200.5.22.2 fixed

tomcat10-webapps

suse enterprise sap 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise sap 15 SP7	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP5	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP6	10.1.20-150200.5.22.2 fixed
suse enterprise server 15 SP7	10.1.20-150200.5.22.2 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

tomcat

RHEL 8	1:9.0.87-1.el8_10.1 fixed
RHEL 8.8 AUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 EUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.2 fixed
RHEL 9	1:9.0.87-1.el9_4.1 fixed

tomcat-admin-webapps

RHEL 8	1:9.0.87-1.el8_10.1 fixed
RHEL 8.8 AUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 EUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.2 fixed
RHEL 9	1:9.0.87-1.el9_4.1 fixed

tomcat-docs-webapp

RHEL 8	1:9.0.87-1.el8_10.1 fixed
RHEL 8.8 AUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 EUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.2 fixed
RHEL 9	1:9.0.87-1.el9_4.1 fixed

tomcat-el-3.0-api

RHEL 8	1:9.0.87-1.el8_10.1 fixed
RHEL 8.8 AUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 EUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.2 fixed
RHEL 9	1:9.0.87-1.el9_4.1 fixed

tomcat-jsp-2.3-api

RHEL 8	1:9.0.87-1.el8_10.1 fixed
RHEL 8.8 AUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 EUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.2 fixed
RHEL 9	1:9.0.87-1.el9_4.1 fixed

tomcat-lib

RHEL 8	1:9.0.87-1.el8_10.1 fixed
RHEL 8.8 AUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 EUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.2 fixed
RHEL 9	1:9.0.87-1.el9_4.1 fixed

tomcat-servlet-4.0-api

RHEL 8	1:9.0.87-1.el8_10.1 fixed
RHEL 8.8 AUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 EUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.2 fixed
RHEL 9	1:9.0.87-1.el9_4.1 fixed

tomcat-webapps

RHEL 8	1:9.0.87-1.el8_10.1 fixed
RHEL 8.8 AUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 EUS	1:9.0.87-1.el8_8.2 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.2 fixed
RHEL 9	1:9.0.87-1.el9_4.1 fixed

Common Weakness Enumeration

CWE-459 - Incomplete Cleanup
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

References

https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

http://www.openwall.com/lists/oss-security/2024/03/13/4

https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/

https://security.netapp.com/advisory/ntap-20240402-0002/