CVE-2024-23672 - Denial of Service (DoS)
Severity: High
2024-03-29
Abstract
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
The Oxygen products incorporate Apache Tomcat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Web Author v26.0.0.1 and older | High | Oxygen Web Author 26.1.0 build 2024032115 |
Detail
CVE-2024-23672
Severity: High
CVSS Score: 7.5
The Apache Tomcat third-party library used by Oxygen XML products is one of the affected versions listed in the CVE-2024-23672 vulnerability description.
Starting with Oxygen XML Web Author v26.1.0 build 2024032115, the Apache Tomcat library was updated to a version that fixes this vulnerability.
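
The affected ranges listed in the abstract can be checked mechanically against the version string of a bundled or standalone Tomcat. The Python below is an added example, not code from Oxygen or the Apache Tomcat project; the function names and sample inputs are assumptions made here, and it also accepts the `9.0.0.M1` spelling of milestone versions and a `Apache Tomcat/x.y.z` server-info string.

```python
import re

# Affected ranges and fixed versions exactly as listed in the advisory text:
# (first affected, last affected, fixed version).
AFFECTED = [
    ("11.0.0-M1", "11.0.0-M16", "11.0.0-M17"),
    ("10.1.0-M1", "10.1.18", "10.1.19"),
    ("9.0.0-M1", "9.0.85", "9.0.86"),
    ("8.5.0", "8.5.98", "8.5.99"),
]

# x.y.z with an optional milestone suffix written as -M<n> or .M<n>.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?")


def version_key(text):
    """Turn '9.0.85', '11.0.0-M16' or 'Apache Tomcat/10.1.18' into a sortable tuple."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch, milestone = match.groups()
    # Milestones (M1, M2, ...) sort before the final release of the same x.y.z.
    stage = (0, int(milestone)) if milestone is not None else (1, 0)
    return (int(major), int(minor), int(patch)) + stage


def check_tomcat(text):
    """Return (affected, fixed_version).

    (False, None) only means the version is outside the ranges this advisory
    lists; it says nothing about other vulnerabilities or unlisted branches.
    """
    key = version_key(text)
    for first, last, fixed in AFFECTED:
        if version_key(first) <= key <= version_key(last):
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real deployment.
    samples = ["Apache Tomcat/9.0.85", "10.1.19", "11.0.0-M16", "9.0.0.M4", "8.5.99"]
    for sample in samples:
        affected, fixed = check_tomcat(sample)
        print(f"{sample:24} affected={affected} upgrade_to={fixed}")
```
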