vulnerability

Debian: CVE-2024-54677: tomcat10, tomcat9 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Dec 17, 2024	Dec 19, 2024	Aug 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Dec 17, 2024

Added

Dec 19, 2024

Modified

Aug 15, 2025

Description

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.

Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Solutions

debian-upgrade-tomcat10debian-upgrade-tomcat9

References

CVE-2024-54677
https://attackerkb.com/topics/CVE-2024-54677
CWE-400
DEBIAN-DSA-5845-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today