Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1913 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1916 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5667 advisory.

  - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from     10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly     parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to     treat a single request as multiple requests leading to the possibility of request smuggling when behind a     reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83     onwards or 8.5.96 onwards, which fix the issue. (CVE-2023-46589)

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1345-1 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2514 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory.

  - Vulnerability in the RDBMS (Python) component of Oracle Database Server. Supported versions that are     affected are 21.3-21.13. Easily exploitable vulnerability allows low privileged attacker having     Authenticated User privilege with network access via Oracle Net to compromise RDBMS (Python). Successful     attacks require human interaction from a person other than the attacker. Successful attacks of this     vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS)     of RDBMS (Python). (CVE-2023-36632) 

  - Vulnerability in the Grid Infrastructure (Apache Mina SSHD) component of Oracle Database Server.   Supported versions that are affected are 21.3-21.13. Difficult to exploit vulnerability allows   unauthenticated attacker with network access via SSH to compromise Grid Infrastructure (Apache Mina SSHD).   Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification   access to critical data or all Grid Infrastructure (Apache Mina SSHD) accessible data. (CVE-2023-48795)

  - Vulnerability in the Oracle SQLcl (Apache Mina SSHD) component of Oracle Database Server. Supported   versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows   unauthenticated attacker with network access via SSH to compromise Oracle SQLcl (Apache Mina SSHD).   Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification   access to critical data or all Oracle SQLcl (Apache Mina SSHD) accessible data. (CVE-2023-48795)	

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tomcat installed on the remote host is prior to 8.5.100-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2024-019 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tomcat installed on the remote host is prior to 9.0.87-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2024-013 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5665 advisory.

  - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from     10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly     parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to     treat a single request as multiple requests leading to the possibility of request smuggling when behind a     reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83     onwards or 8.5.96 onwards, which fix the issue. (CVE-2023-46589)

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1204-1 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1205-1 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3779 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-577 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is 8.5.0 to 8.5.98, 9.0.0-M1 to 9.0.85, 10.1.0-M1 to 10.1.18 or 11.0.0-M1 to 11.0.0-M16. It is, therefore, affected by two denial of service vulnerabilities related to WebSocket connection and HTTP/2 request.

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 11.0.0.M17. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_11.0.0-m17_security-11 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 8.5.99. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.99_security-8 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 9.0.86. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.86_security-9 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 10.1.19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.1.19_security-10 advisory.

  - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket     clients to keep WebSocket connections open leading to increased resource consumption.This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through     9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86     or 8.5.99 which fix the issue. (CVE-2024-23672)

  - Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
    When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the     associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1     through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17,     10.1.19, 9.0.86 or 8.5.99 which fix the issue. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
196018	RHEL 6 : apache_tomcat (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
195116	RHEL 7 / 9 : Red Hat JBoss Web Server 5.8.0 (RHSA-2024:1913)	Nessus	Red Hat Local Security Checks	high
195114	RHEL 8 / 9 : Red Hat JBoss Web Server 6.0.2 (RHSA-2024:1916)	Nessus	Red Hat Local Security Checks	high
193657	Debian dsa-5667 : libtomcat9-embed-java - security update	Nessus	Debian Local Security Checks	high
193546	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2024:1345-1)	Nessus	SuSE Local Security Checks	high
193526	Amazon Linux 2 : tomcat (ALAS-2024-2514)	Nessus	Amazon Linux Local Security Checks	high
193497	Oracle Database Server (Apr 2024 CPU)	Nessus	Databases	critical
193451	Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-019)	Nessus	Amazon Linux Local Security Checks	high
193449	Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-013)	Nessus	Amazon Linux Local Security Checks	high
193448	Debian dsa-5665 : libtomcat10-embed-java - security update	Nessus	Debian Local Security Checks	high
193251	SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2024:1204-1)	Nessus	SuSE Local Security Checks	high
193243	SUSE SLES12 Security Update : tomcat (SUSE-SU-2024:1205-1)	Nessus	SuSE Local Security Checks	high
192959	Debian dla-3779 : libtomcat9-embed-java - security update	Nessus	Debian Local Security Checks	high
192889	Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2024-577)	Nessus	Amazon Linux Local Security Checks	high
114236	Apache Tomcat 8.5.x < 8.5.99 Denial Of Service	Web App Scanning	Component Vulnerability	high
114235	Apache Tomcat 9.0.0-M1 < 9.0.86 Denial Of Service	Web App Scanning	Component Vulnerability	high
114234	Apache Tomcat 10.1.0-M1 < 10.1.19 Denial Of Service	Web App Scanning	Component Vulnerability	high
114233	Apache Tomcat 11.0.0-M1 < 11.0.0-M17 Denial Of Service	Web App Scanning	Component Vulnerability	high
192044	Apache Tomcat 11.0.0.M1 < 11.0.0.M17 multiple vulnerabilities	Nessus	Web Servers	high
192043	Apache Tomcat 8.5.0 < 8.5.99 multiple vulnerabilities	Nessus	Web Servers	high
192042	Apache Tomcat 9.0.0.M1 < 9.0.86 multiple vulnerabilities	Nessus	Web Servers	high
192033	Apache Tomcat 10.1.0.M1 < 10.1.19 multiple vulnerabilities	Nessus	Web Servers	high

Detections

Analytics

CVE-2024-23672

high

Tenable Plugins

high

high

high

high

high

high

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high