发布时间: 2024年9月28日
修改时间: 2025年2月15日
A vulnerability was found in Apache Tomcat up to 9.0.89/10.1.24/11.0.0-M20 (Application Server Software). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component TLS Handshake Handler. Upgrading to version 9.0.90, 10.1.25 or 11.0.0-M21 eliminates this vulnerability. The upgrade is hosted for download at tomcat.apache.org.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Network |
| CVSS评分 | 7.5 | 7.5 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3845 | A vulnerability was found in Apache Tomcat up to 9.0.89/10.1.24/11.0.0-M20 (Application Server Software). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component TLS Handshake Handler. Upgrading to version 9.0.90, 10.1.25 or 11.0.0-M21 eliminates this vulnerability. The upgrade is hosted for download at tomcat.apache.org. | 2024年9月28日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | tomcat | Unaffected |
| KY3.5.2 | tomcat | Unaffected |
| V6 | tomcat | Unaffected |
