CVE-2024-52318

MEDIUM

Apache Tomcat <11.0.1-9.0.97 - Memory Corruption

Title source: llm

Description

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

Exploits (1)

nomisec WORKING POC

by TAM-K592 · poc

https://github.com/TAM-K592/CVE-2024-52318

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://lists.apache.org/thread/co243cw1nlh6p521c5265cm839wkqdp9

[Mailing List] http://www.openwall.com/lists/oss-security/2024/11/18/4

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20250131-0009/

Scores

CVSS v3 6.1

EPSS 0.1547

EPSS Percentile 94.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-326

Status published

Products (4)

apache/tomcat 9.0.96

apache/tomcat 10.1.31

apache/tomcat 11.0.0

org.apache.tomcat/tomcat-jasper 11.0.0 - 11.0.1Maven

Published Nov 18, 2024

Tracked Since Feb 18, 2026