CVE-2024-52317

{"id": "CVE-2024-52317", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2024-11-18T12:15:18.727", "references": [{"url": "https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs", "tags": ["Vendor Advisory", "Mailing List"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/18/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250124-0004/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "Incorrect object re-cycling and re-use vulnerability in Apache Tomcat.\u00a0Incorrect recycling of the request and response used by HTTP/2 requests \ncould lead to request and/or response mix-up between users.\n\nThis issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de reutilizaci\u00f3n y reciclaje incorrecto de objetos en Apache Tomcat. El reciclaje incorrecto de la solicitud y la respuesta utilizadas por las solicitudes HTTP/2 podr\u00eda provocar una confusi\u00f3n de solicitudes y/o respuestas entre usuarios. Este problema afecta a Apache Tomcat: desde 11.0.0-M23 hasta 11.0.0-M26, desde 10.1.27 hasta 10.1.30, desde 9.0.92 hasta 9.0.95. Se recomienda a los usuarios que actualicen a la versi\u00f3n 11.0.0, 10.1.31 o 9.0.96, que soluciona el problema."}], "lastModified": "2025-05-15T17:51:16.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C113778-1EC8-4D1F-8F02-5005820E0EE0", "versionEndExcluding": "9.0.96", "versionStartIncluding": "9.0.92"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "962F0EBC-7720-45C8-9187-AE91DA3140A3", "versionEndExcluding": "10.1.31", "versionStartIncluding": "10.1.27"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "069B0D8E-8223-4C4E-A834-C6235D6C3450"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6282085-5716-4874-B0B0-180ECDEE128F"}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "899B6FF0-8701-47E7-8EDA-428A6D48786D"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}