CVE-2024-54677Uncontrolled Resource Consumption in Apache Tomcat

CWE-400Uncontrolled Resource Consumption9 documents7 sources
Severity
5.3MEDIUMNVD
OSV9.8
EPSS
1.2%
top 20.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache TomcatApache Software Foundation Apache Tomcat
Timeline
PublishedDec 17
Latest updateAug 20

Description

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDapache/tomcat9.0.09.0.98+2
CVEListV5apache_software_foundation/apache_tomcat11.0.0-M111.0.1+3

🔴Vulnerability Details

5
OSV
tomcat10 vulnerabilities2025-08-20
OSV
Apache Tomcat Uncontrolled Resource Consumption vulnerability2024-12-17
GHSA
Apache Tomcat Uncontrolled Resource Consumption vulnerability2024-12-17
CVEList
Apache Tomcat: DoS in examples web application2024-12-17
OSV
CVE-2024-54677: Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service2024-12-17

📋Vendor Advisories

3
Ubuntu
Tomcat vulnerabilities2025-08-20
Red Hat
tomcat: Apache Tomcat: DoS in examples web application2024-12-17
Debian
CVE-2024-54677: tomcat10 - Uncontrolled Resource Consumption vulnerability in the examples web application ...2024
CVE-2024-54677 — Uncontrolled Resource Consumption | cvebase