CVE-2024-23672 - Denial of Service (DoS)

Severity: High

2024-03-29


Abstract

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.
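The affected ranges above mix milestone builds (11.0.0-M16) with GA releases (9.0.85), and a plain string comparison gets those wrong: 11.0.0-M16 must sort before the 11.0.0 GA release. The following checker, added here as an example and not part of the Oxygen advisory or the Apache Tomcat project, encodes exactly the ranges and fixed versions stated in the abstract and reports whether a given Tomcat version string is affected. The `extract_version` helper and the sample banner line it parses are assumptions for illustration; the version string would in practice come from whatever banner or manifest your deployment exposes.

```python
import re
import sys

# Affected ranges and the fixed version for each branch, as stated in the
# CVE-2024-23672 advisory text: (lowest affected, highest affected, fixed).
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.0-M16", "11.0.0-M17"),
    ("10.1.0-M1", "10.1.18", "10.1.19"),
    ("9.0.0-M1", "9.0.85", "9.0.86"),
    ("8.5.0", "8.5.98", "8.5.99"),
]

# Tomcat version strings: MAJOR.MINOR.PATCH with an optional -M<n> milestone.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(version):
    """Turn '9.0.85' or '11.0.0-M16' into a comparable tuple.

    Milestone builds of a given number precede its GA release, so the GA
    release gets an infinite milestone sentinel in the fourth slot.
    """
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised Tomcat version string: {version!r}")
    major, minor, patch, milestone = match.groups()
    milestone_key = int(milestone) if milestone is not None else float("inf")
    return (int(major), int(minor), int(patch), milestone_key)


def check_tomcat_version(version):
    """Return (affected, fixed_version) for CVE-2024-23672.

    fixed_version is None when the version is outside every affected range.
    """
    key = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= key <= parse_version(high):
            return True, fixed
    return False, None


def extract_version(banner_line):
    """Pull the version out of a banner such as 'Apache Tomcat/9.0.85'.

    Hypothetical helper: the banner format is an assumption, not something
    the advisory specifies. Returns None when no version is present.
    """
    match = re.search(r"(\d+\.\d+\.\d+(?:-M\d+)?)", banner_line)
    return match.group(1) if match else None


def report(version):
    """Human-readable verdict for one version string."""
    affected, fixed = check_tomcat_version(version)
    if affected:
        return f"{version}: AFFECTED by CVE-2024-23672, upgrade to {fixed}"
    return f"{version}: not in an affected range"


if __name__ == "__main__":
    # Constructed sample input when no version is passed on the command line.
    sample_banner = "Server version: Apache Tomcat/9.0.85"
    versions = sys.argv[1:] or [extract_version(sample_banner)]
    for v in versions:
        print(report(v))
```

Run it with one or more version strings as arguments (`python check.py 10.1.18 11.0.0-M17`); with no arguments it evaluates the constructed sample banner. Note that the fixed version for each branch is the first version outside that branch's range, so a result of "not in an affected range" for a version below 8.5.0 or above the fixed releases is expected.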

The Oxygen products incorporate Apache Tomcat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

Product: Oxygen XML Web Author v26.0.0.1 and older

Severity: High

Fixed Release Availability: Oxygen Web Author 26.1.0 build 2024032115

Mitigation

None

Detail

CVE-2024-23672

Severity: High

CVSS Score: 7.5

The Apache Tomcat third-party library used by Oxygen XML products is one of the affected versions listed in the CVE-2024-23672 vulnerability description.

Starting with Oxygen XML Web Author v26.1.0 build 2024032115, the Apache Tomcat library was updated to a version that fixes this vulnerability.
