{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-07T11:00:25.172","vulnerabilities":[{"cve":{"id":"CVE-2024-38286","sourceIdentifier":"security@apache.org","published":"2024-11-07T08:15:13.007","lastModified":"2025-11-03T21:16:14.353","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process."},{"lang":"es","value":"Vulnerabilidad de asignación de recursos sin límites o limitación de recursos en Apache Tomcat. Este problema afecta a Apache Tomcat: desde la versión 11.0.0-M1 hasta la 11.0.0-M20, desde la versión 10.1.0-M1 hasta la 10.1.24, desde la versión 9.0.13 hasta la 9.0.89. También pueden verse afectadas versiones anteriores no compatibles. Se recomienda a los usuarios que actualicen a la versión 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema. Apache Tomcat, en determinadas configuraciones de cualquier plataforma, permite a un atacante provocar un error OutOfMemoryError abusando del proceso de enlace TLS."}],"metrics":{"cvssMetricV31":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.13","versionEndExcluding":"9.0.90","matchCriteriaId":"C1F40EB4-1D56-45C7-B083-B1613E63B26C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.1","versionEndExcluding":"10.1.25","matchCriteriaId":"6F8D202A-1A79-47E5-81AD-A3C4BBB135EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"6D402B5D-5901-43EB-8E6A-ECBD512CE367"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*","matchCriteriaId":"33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*","matchCriteriaId":"F6BD4180-D3E8-42AB-96B1-3869ECF47F6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*","matchCriteriaId":"64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*","matchCriteriaId":"FC64BB57-4912-481E-AE8D-C8FCD36142BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*","matchCriteriaId":"49B43BFD-6B6C-4E6D-A9D8-308709DDFB44"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*","matchCriteriaId":"919C16BD-79A7-4597-8D23-2CBDED2EF615"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*","matchCriteriaId":"81B27C03-D626-42EC-AE4E-1E66624908E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*","matchCriteriaId":"BD81405D-81A5-4683-A355-B39C912DAD2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*","matchCriteriaId":"2DCE3576-86BC-4BB8-A5FB-1274744DFD7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*","matchCriteriaId":"5571F54A-2EAC-41B6-BDA9-7D33CFE97F70"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"9846609D-51FC-4CDD-97B3-8C6E07108F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*","matchCriteriaId":"ED30E850-C475-4133-BDE3-74CB3768D787"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"2E321FB4-0B0C-497A-BB75-909D888C93CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"7CB9D150-EED6-4AE9-BCBE-48932E50035E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"D334103F-F64E-4869-BCC8-670A5AFCC76C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*","matchCriteriaId":"941FCF7B-FFB6-4967-95C7-BB3D32C73DAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"CE1A9030-B397-4BA6-8E13-DA1503872DDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*","matchCriteriaId":"6284B74A-1051-40A7-9D74-380FEEEC3F88"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*","matchCriteriaId":"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*","matchCriteriaId":"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*","matchCriteriaId":"0092FB35-3B00-484F-A24D-7828396A4FF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*","matchCriteriaId":"CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*","matchCriteriaId":"72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*","matchCriteriaId":"3521C81B-37D9-48FC-9540-D0D333B9A4A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*","matchCriteriaId":"02A84634-A8F2-4BA9-B9F3-BEF36AEC5480"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*","matchCriteriaId":"ECBBC1F1-C86B-40AF-B740-A99F6B27682A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*","matchCriteriaId":"9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*","matchCriteriaId":"0495A538-4102-40D0-A35C-0179CFD52A9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"2AAD52CE-94F5-4F98-A027-9A7E68818CB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*","matchCriteriaId":"77BA6600-0890-4BA1-B447-EC1746BAB4FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"03A171AF-2EC8-4422-912C-547CDB58CAAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"49350A6E-5E1D-45B2-A874-3B8601B3ADCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*","matchCriteriaId":"5F50942F-DF54-46C0-8371-9A476DD3EEA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*","matchCriteriaId":"98792138-DD56-42DF-9612-3BDC65EEC117"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"C2D814BE-93EC-42EF-88C5-EA7E7DF07BE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"5333B745-F7A3-46CB-8437-8668DB08CD6F"}]}]}],"references":[{"url":"https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s","source":"security@apache.org","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2024/09/23/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20241101-0010/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}