Reference:
Advisory #2024-227
Version:
1.0
Affected software:
Apache Tomcat 10.1.0-M1 to 10.1.24
Apache Tomcat 11.0.0-M1 to 11.0.0-M20
Apache Tomcat 9.0.13 to 9.0.89
Type:
Denial-of-Service (DoS)
CVE/CVSS:
CVE-2024-38286
CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Sources
https://lists.apache.org/thread/bk6k97ps0mcdw7nv6c1rpoyh8kn9cj93
Risks
Successful exploitation of CVE-2024-38286 could allow a remote, unauthenticated attacker to trigger an OutOfMemoryError in the Tomcat JVM by abusing the TLS handshake process, resulting in a denial of service (DoS).
An attacker exploiting this vulnerability could severely impact the availability of affected systems.
At the time of writing, security researchers have not observed active exploitation.
Description
CVE-2024-38286 is a denial-of-service (DoS) vulnerability rated as Important by the Apache Software Foundation. It affects Apache Tomcat 9.0.13 through 9.0.89, 10.1.0-M1 through 10.1.24 and 11.0.0-M1 through 11.0.0-M20.
The vulnerability stems from the way Tomcat handles the TLS handshake process under certain configurations. A remote attacker able to open TLS connections to an affected instance could exhaust the memory of the Java process, causing an OutOfMemoryError and denying service to legitimate clients.
Recommended Actions
Patch
The Apache Software Foundation urges all users of affected versions to upgrade to the latest secure versions:
- For Apache Tomcat 11: Upgrade to 11.0.0-M21 or later.
- For Apache Tomcat 10.1: Upgrade to 10.1.25 or later.
- For Apache Tomcat 9.0: Upgrade to 9.0.90 or later.
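The version ranges above mix milestone builds (10.1.0-M1, 11.0.0-M20) with final releases, and a naive string or tuple comparison gets the boundaries wrong, since 11.0.0-M21 is fixed while 11.0.0-M20 is not, and a final 11.0.0 sorts after every milestone. The following script is an added example written for this page, not code from the CCB or the Apache Tomcat project; it encodes the ranges from this advisory, parses a version string from the output of Tomcat's bin/version.sh (the "Server version: Apache Tomcat/x.y.z" line), and reports whether the instance falls in an affected range and which release to upgrade to. The sample banner is constructed, not a real capture; the Tomcat 8.5 branch is not listed in this advisory, so the script makes no claim about it.

```python
import re
from typing import Optional, Tuple

# Affected ranges and first fixed release per branch, copied from this advisory.
# Tomcat 8.5 and earlier are not listed in the advisory, so nothing is asserted about them.
ADVISORY_RANGES = {
    "9.0":  ("9.0.13", "9.0.89", "9.0.90"),
    "10.1": ("10.1.0-M1", "10.1.24", "10.1.25"),
    "11.0": ("11.0.0-M1", "11.0.0-M20", "11.0.0-M21"),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def version_key(version: str) -> Tuple[int, int, int, int, int]:
    """Sort key for Tomcat version strings.

    Milestones ("11.0.0-M20") precede the final release with the same numbers
    ("11.0.0"), so the key carries a flag (0 = milestone, 1 = final) ahead of
    the milestone number.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, first_fixed_release) for CVE-2024-38286."""
    key = version_key(version)
    branch = f"{key[0]}.{key[1]}"
    if branch not in ADVISORY_RANGES:
        return (False, None)
    low, high, fixed = ADVISORY_RANGES[branch]
    if version_key(low) <= key <= version_key(high):
        return (True, fixed)
    return (False, None)


_BANNER_RE = re.compile(r"^Server version:\s*Apache Tomcat/(\S+)", re.MULTILINE)


def version_from_banner(output: str) -> Optional[str]:
    """Extract the version from the output of bin/version.sh (or catalina.sh version)."""
    m = _BANNER_RE.search(output)
    return m.group(1) if m else None


# Constructed sample of bin/version.sh output for illustration (not a real capture).
SAMPLE_BANNER = """Using CATALINA_BASE:   /opt/tomcat
Using CATALINA_HOME:   /opt/tomcat
Server version: Apache Tomcat/10.1.24
Server number:  10.1.24.0
OS Name:        Linux
"""

if __name__ == "__main__":
    found = version_from_banner(SAMPLE_BANNER)
    affected, fixed = is_affected(found)
    if affected:
        print(f"Tomcat {found}: affected by CVE-2024-38286, upgrade to {fixed} or later")
    else:
        print(f"Tomcat {found}: not within an affected range listed in the advisory")
```

On a live host, feed the real output of `$CATALINA_HOME/bin/version.sh` to version_from_banner instead of the constructed sample; the "Server number" line is not used because Tomcat prints it without the milestone suffix, which is exactly the information the range check needs.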
The Centre for Cybersecurity Belgium (CCB) strongly recommends that security administrators install these updates on vulnerable systems after thorough testing.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. For this vulnerability, watch in particular for OutOfMemoryError entries in the Tomcat logs and for unusual spikes in TLS connection attempts against affected instances.
While patching appliances or software to the newest version protects against future exploitation, it does not remediate a historic compromise.
References
https://securityonline.info/cve-2024-38286-denial-of-service-vulnerability-discovered-in-apache-tomcat/