{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T07:13:51.656","vulnerabilities":[{"cve":{"id":"CVE-2024-52317","sourceIdentifier":"security@apache.org","published":"2024-11-18T12:15:18.727","lastModified":"2025-05-15T17:51:16.553","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests \ncould lead to request and/or response mix-up between users.\n\nThis issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue."},{"lang":"es","value":"Vulnerabilidad de reutilización y reciclaje incorrecto de objetos en Apache Tomcat. El reciclaje incorrecto de la solicitud y la respuesta utilizadas por las solicitudes HTTP/2 podría provocar una confusión de solicitudes y/o respuestas entre usuarios. Este problema afecta a Apache Tomcat: desde 11.0.0-M23 hasta 11.0.0-M26, desde 10.1.27 hasta 10.1.30, desde 9.0.92 hasta 9.0.95. Se recomienda a los usuarios que actualicen a la versión 11.0.0, 10.1.31 o 9.0.96, que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.92","versionEndExcluding":"9.0.96","matchCriteriaId":"7C113778-1EC8-4D1F-8F02-5005820E0EE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.27","versionEndExcluding":"10.1.31","matchCriteriaId":"962F0EBC-7720-45C8-9187-AE91DA3140A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*","matchCriteriaId":"8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*","matchCriteriaId":"069B0D8E-8223-4C4E-A834-C6235D6C3450"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*","matchCriteriaId":"E6282085-5716-4874-B0B0-180ECDEE128F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone26:*:*:*:*:*:*","matchCriteriaId":"899B6FF0-8701-47E7-8EDA-428A6D48786D"}]}]}],"references":[{"url":"https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/11/18/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20250124-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}