Author: markt
Date: Mon Sep 23 12:53:20 2024
New Revision: 1920861
URL: http://svn.apache.org/viewvc?rev=1920861&view=rev
Log:
Add CVE-2024-38286
Modified:
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-11.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-10.xml
tomcat/site/trunk/xdocs/security-11.xml
tomcat/site/trunk/xdocs/security-9.xml
Modified: tomcat/site/trunk/docs/security-10.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-10.html (original)
+++ tomcat/site/trunk/docs/security-10.html Mon Sep 23 12:53:20 2024
@@ -62,6 +62,20 @@
<p>Affects: 10.1.0-M1 to 10.1.24</p>
+ <p><strong>Important: Denial of Service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286"
rel="nofollow">CVE-2024-38286</a></p>
+
+ <p>Tomcat, under certain configurations on any platform, allows an attacker
+ to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+ <p>This was fixed with commit
+ <a
href="https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543">3344c17c</a>.</p>
+
+ <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+ issue was made public on 23 September 2024.</p>
+
+ <p>Affects: 10.1.0-M1 to 10.1.24</p>
+
</div><h3 id="Fixed_in_Apache_Tomcat_10.1.19"><span
class="pull-right">2024-02-19</span> Fixed in Apache Tomcat 10.1.19</h3><div
class="text">
<p><strong>Important: Denial of Service</strong>
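Review bot: The added CVE anchor points at `http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286` over plain HTTP; a security advisory page should link its CVE reference over https. The xdocs side of this commit only carries `<cve>CVE-2024-38286</cve>`, so the URL appears to come from wherever that tag is expanded, and the scheme is better changed there than by hand in this file.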
Modified: tomcat/site/trunk/docs/security-11.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-11.html?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-11.html (original)
+++ tomcat/site/trunk/docs/security-11.html Mon Sep 23 12:53:20 2024
@@ -56,6 +56,20 @@
<p>Affects: 11.0.0-M1 to 11.0.0-M20</p>
+ <p><strong>Important: Denial of Service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286"
rel="nofollow">CVE-2024-38286</a></p>
+
+ <p>Tomcat, under certain configurations on any platform, allows an attacker
+ to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+ <p>This was fixed with commit
+ <a
href="https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93">31978626</a>.</p>
+
+ <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+ issue was made public on 23 September 2024.</p>
+
+ <p>Affects: 11.0.0-M1 to 11.0.0-M20</p>
+
</div><h3 id="Fixed_in_Apache_Tomcat_11.0.0-M17"><span
class="pull-right">2024-02-19</span> Fixed in Apache Tomcat 11.0.0-M17</h3><div
class="text">
<p><strong>Important: Denial of Service</strong>
Modified: tomcat/site/trunk/docs/security-9.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Mon Sep 23 12:53:20 2024
@@ -56,6 +56,20 @@
<p>Affects: 9.0.0-M1 to 9.0.89</p>
+ <p><strong>Important: Denial of Service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286"
rel="nofollow">CVE-2024-38286</a></p>
+
+ <p>Tomcat, under certain configurations on any platform, allows an attacker
+ to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+ <p>This was fixed with commit
+ <a
href="https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13">76c5cce6</a>.</p>
+
+ <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+ issue was made public on 23 September 2024.</p>
+
+ <p>Affects: 9.0.13 to 9.0.89</p>
+
</div><h3 id="Fixed_in_Apache_Tomcat_9.0.86"><span
class="pull-right">2024-02-19</span> Fixed in Apache Tomcat 9.0.86</h3><div
class="text">
<p><strong>Important: Denial of Service</strong>
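Review bot: The new entry's `Affects: 9.0.13 to 9.0.89` starts at 9.0.13, while the context line just above the hunk reads `9.0.0-M1 to 9.0.89` and the 10.1 and 11.0 entries added in this commit both start at their first milestone. If 9.0.13 is the release where the affected behaviour first appeared, that is fine, but nothing in the entry or the commit message says so. Please confirm the lower bound is intended, since operators on 9.0.0-M1 to 9.0.12 will read this as "not affected".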
Modified: tomcat/site/trunk/xdocs/security-10.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-10.xml?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-10.xml (original)
+++ tomcat/site/trunk/xdocs/security-10.xml Mon Sep 23 12:53:20 2024
@@ -75,6 +75,20 @@
<p>Affects: 10.1.0-M1 to 10.1.24</p>
+ <p><strong>Important: Denial of Service</strong>
+ <cve>CVE-2024-38286</cve></p>
+
+ <p>Tomcat, under certain configurations on any platform, allows an attacker
+ to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+ <p>This was fixed with commit
+ <hashlink hash="3344c17cef094da4bb616f4186ed32039627b543"/>.</p>
+
+ <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+ issue was made public on 23 September 2024.</p>
+
+ <p>Affects: 10.1.0-M1 to 10.1.24</p>
+
</section>
<section name="Fixed in Apache Tomcat 10.1.19" rtext="2024-02-19">
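Review bot: The description paragraph says "under certain configurations" without saying which ones, so a reader cannot tell from this entry whether a given deployment is exposed. Suggest naming the connector or TLS settings involved, or stating that upgrading is the only remedy, so the entry can be used for triage. The same wording is repeated in the 9.0 and 11.0 entries and in the docs/*.html copies.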
Modified: tomcat/site/trunk/xdocs/security-11.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-11.xml?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-11.xml (original)
+++ tomcat/site/trunk/xdocs/security-11.xml Mon Sep 23 12:53:20 2024
@@ -69,6 +69,20 @@
<p>Affects: 11.0.0-M1 to 11.0.0-M20</p>
+ <p><strong>Important: Denial of Service</strong>
+ <cve>CVE-2024-38286</cve></p>
+
+ <p>Tomcat, under certain configurations on any platform, allows an attacker
+ to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+ <p>This was fixed with commit
+ <hashlink hash="3197862639732e16ec1164557bcd289ebc116c93"/>.</p>
+
+ <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+ issue was made public on 23 September 2024.</p>
+
+ <p>Affects: 11.0.0-M1 to 11.0.0-M20</p>
+
</section>
<section name="Fixed in Apache Tomcat 11.0.0-M17" rtext="2024-02-19">
Modified: tomcat/site/trunk/xdocs/security-9.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1920861&r1=1920860&r2=1920861&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Mon Sep 23 12:53:20 2024
@@ -69,6 +69,20 @@
<p>Affects: 9.0.0-M1 to 9.0.89</p>
+ <p><strong>Important: Denial of Service</strong>
+ <cve>CVE-2024-38286</cve></p>
+
+ <p>Tomcat, under certain configurations on any platform, allows an attacker
+ to cause an OutOfMemoryError by abusing the TLS handshake process.</p>
+
+ <p>This was fixed with commit
+ <hashlink hash="76c5cce6f0bcef14b0c21c38910371ca7d322d13"/>.</p>
+
+ <p>This issue was reported to the Tomcat Security Team on 4 June 2024. The
+ issue was made public on 23 September 2024.</p>
+
+ <p>Affects: 9.0.13 to 9.0.89</p>
+
</section>
<section name="Fixed in Apache Tomcat 9.0.86" rtext="2024-02-19">