
Critical Apache Tomcat Vulnerability CVE-2024-34750 Could Bring Your Server to a Halt!

Raffaela Crisci : 5 July 2024 19:19

The vulnerability CVE-2024-34750 in Apache Tomcat, as described in the security bulletin AL01/240705/CSIRT-ITA, concerns an issue that can be exploited to overload the server’s computing resources, leading to a Denial of Service (DoS).

Apache Tomcat is an open-source server that implements Java Servlet, JavaServer Pages (JSP), and other Java technologies. The vulnerability was discovered directly by the Tomcat security team.

Vulnerability Details

The vulnerability was identified in the open-source web server Apache Tomcat, developed by the Apache Software Foundation. This security flaw can be exploited by a remote attacker to overload the computing resources of the vulnerable system, thus compromising service availability. In practice, an attacker could send a series of requests aimed at excessively consuming CPU, memory, or other critical server resources, leading to significant slowdowns or even a complete service outage.


The root cause lies in the way HTTP/2 streams are processed. When a large number of streams are in use, Tomcat wrongly applies an infinite timeout, which allows connections that should have been closed to remain open and keep consuming resources. Triggering the flaw requires requests carrying an excessive number of headers; combined with the high stream count, this is what causes the infinite timeout to be applied.

Possible Impact: An attacker can exploit this vulnerability to make the Tomcat server unavailable, interrupting the service offered to legitimate users. This can have severe consequences, especially for web services that require high availability and rapid response times.

This vulnerability affects various versions of Apache Tomcat: from 11.0.0-M1 to 11.0.0-M20, from 10.1.0-M1 to 10.1.24, and from 9.0.0-M1 to 9.0.89.

CVE-2024-34750 is still pending analysis by NIST, so its risk value cannot be quantified.
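As an added example (not part of the original article or of the Tomcat project), the following Python script encodes the affected and fixed version ranges listed above so that an administrator can check an installed Tomcat version against them. It handles the milestone notation Tomcat uses (for instance `11.0.0-M20`, where milestones sort before the final release of the same number) and extracts the version from the banner line `Server version: Apache Tomcat/x.y.z` that `bin/version.sh` prints. The sample banner and version strings are constructed for illustration.

```python
import re
import sys
from typing import Optional, Tuple

# Affected ranges and first fixed versions, exactly as listed in the advisory text:
# (first affected, last affected, first fixed)
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.0-M20", "11.0.0-M21"),
    ("10.1.0-M1", "10.1.24", "10.1.25"),
    ("9.0.0-M1", "9.0.89", "9.0.90"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
_BANNER_RE = re.compile(r"Apache Tomcat/(\S+)")

# Sentinel that sorts a GA release after every milestone of the same number.
_GA = 10**6


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '9.0.89' or '11.0.0-M20' into a tuple that sorts correctly.

    Milestone builds (-Mn) precede the final release with the same number,
    so the fourth component is n for a milestone and _GA for a final release.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {version!r}")
    major, minor, patch, milestone = m.groups()
    ms = int(milestone) if milestone is not None else _GA
    return (int(major), int(minor), int(patch), ms)


def version_from_banner(text: str) -> Optional[str]:
    """Extract the version from output such as 'Server version: Apache Tomcat/9.0.89'."""
    m = _BANNER_RE.search(text)
    return m.group(1) if m else None


def assess(version: str) -> Optional[str]:
    """Return the first fixed version if `version` falls in an affected range, else None."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return fixed
    return None


def report(version: str) -> str:
    """Human-readable verdict for one version string."""
    fixed = assess(version)
    if fixed is None:
        return f"Tomcat {version}: not in the ranges listed as affected by CVE-2024-34750"
    return f"Tomcat {version}: AFFECTED by CVE-2024-34750, upgrade to {fixed} or later"


if __name__ == "__main__":
    # Constructed sample banner, in the format version.sh prints.
    sample_banner = "Server version: Apache Tomcat/9.0.89"
    banner_version = version_from_banner(sample_banner)
    versions = sys.argv[1:] or [banner_version, "9.0.90", "10.1.0-M5", "11.0.0-M20", "8.5.100"]
    for v in versions:
        print(report(v))
```

Pass one or more version strings on the command line, or pipe the output of `bin/version.sh` through `version_from_banner`. A version outside the three ranges is reported as "not in the ranges listed", not as safe, because the advisory only states which branches were tested and fixed.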

Conclusion

The vulnerability CVE-2024-34750 in Apache Tomcat represents a significant threat to service availability. It is essential to keep the software updated, correctly configure resource limits, and implement monitoring and security measures to protect the system from potential DoS attacks. Adopting a proactive approach to security can help mitigate the risks associated with this and similar vulnerabilities. It is recommended to update Tomcat versions to the patched versions: 11.0.0-M21, 10.1.25, or 9.0.90.

Raffaela Crisci
Member of the Dark Lab group. Computer Engineer graduated with honors from the University of Sannio, with a specialization in Cyber Security. Expert in Cyber Threat Intelligence with experience in a leading multinational company. Strong discipline and organizational skills developed through sports.