Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search

Critical Apache Tomcat Vulnerability CVE-2024-34750 Could Bring Your Server to a Halt!

Raffaela Crisci : 5 July 2024 19:19

The vulnerability CVE-2024-34750 in Apache Tomcat, as described in the security bulletin AL01/240705/CSIRT-ITA, concerns an issue that can be exploited to overload the server’s computing resources, leading to a Denial of Service (DoS).

Apache Tomcat is an open-source server that implements Java Servlet, JavaServer Pages (JSP), and other Java technologies. The vulnerability was discovered directly by the Tomcat security team.

Vulnerability Details

The vulnerability was identified in the open-source web server Apache Tomcat, developed by the Apache Software Foundation. This security flaw can be exploited by a remote attacker to overload the computing resources of the vulnerable system, thus compromising service availability. In practice, an attacker could send a series of requests aimed at excessively consuming CPU, memory, or other critical server resources, leading to significant slowdowns or even a complete service outage.

Sei un Esperto di Formazione?
Entra anche tu nel Partner program!
Accedi alla sezione riservata ai Creator sulla nostra Academy e scopri i vantaggi riservati ai membri del Partner program.
Per ulteriori informazioni, scrivici ad [email protected] oppure su Whatsapp al 379 163 8765 

Supporta RHC attraverso:


Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo

This is due to the way HTTP/2 streams are processed. When a high number of these streams are used, Tomcat improperly uses an infinite countdown that allows closed connections to remain open, excessively using resources. To exploit the Tomcat service, an excessive use of Headers is necessary, which combined with the high number of streams, triggers the infinite countdown.

Possible Impact: An attacker can exploit this vulnerability to make the Tomcat server unavailable, interrupting the service offered to legitimate users. This can have severe consequences, especially for web services that require high availability and rapid response times.

This vulnerability affects various versions of Apache Tomcat: from 11.0.0-M1 to 11.0.0-M20, from 10.1.0-M1 to 10.1.24, and from 9.0.0-M1 to 9.0.89.

CVE-2024-34750 is still pending analysis by NIST, so its risk value cannot be quantified.

Conclusion

The vulnerability CVE-2024-34750 in Apache Tomcat represents a significant threat to service availability. It is essential to keep the software updated, correctly configure resource limits, and implement monitoring and security measures to protect the system from potential DoS attacks. Adopting a proactive approach to security can help mitigate the risks associated with this and similar vulnerabilities. It is recommended to update Tomcat versions to the patched versions: 11.0.0-M21, 10.1.25, or 9.0.90.

Raffaela Crisci
Member of the Dark Lab group. Computer Engineer graduated with honors from the University of Sannio, with specialization in Cyber Security. Expert in Cyber Threat Intelligence with experience in a leading multinational company. Strong discipline and organizational skills developed through sports
Categories
Banner

Editorial board : [email protected]

Facebook Linkedin Youtube Telegram Twitter Pinterest Tumblr
Redhotcyber is an open-news project that was launched in 2019 and subsequently expanded into a network of individuals collaborating to disseminate information and topics focused on technology, Information Technology, and cybersecurity. Its goal is to increase risk awareness among an ever-growing number of people.