CVE-2024-52318

MEDIUM

Apache Tomcat <11.0.1-9.0.97 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-52318. PoCs published by TAM-K592.

AI-analyzed exploit summary This repository contains a Python script that tests for CVE-2024-52318, an XSS vulnerability in Apache Tomcat's generated JSPs. The script sends various encoded XSS payloads to a target URL and checks if they are reflected unescaped in the response.

Description

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

Exploits (1)

nomisec WORKING POC
by TAM-K592 · poc
https://github.com/TAM-K592/CVE-2024-52318

This repository contains a Python script that tests for CVE-2024-52318, an XSS vulnerability in Apache Tomcat's generated JSPs. The script sends various encoded XSS payloads to a target URL and checks if they are reflected unescaped in the response.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Apache Tomcat (versions prior to 11.0.1, 10.1.33, 9.0.97)
No auth needed
Prerequisites: A vulnerable Apache Tomcat instance with exposed JSPs
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.1
EPSS 0.1547
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-326
Status published
Products (4)
apache/tomcat 9.0.96
apache/tomcat 10.1.31
apache/tomcat 11.0.0
org.apache.tomcat/tomcat-jasper 11.0.0 - 11.0.1Maven
Published Nov 18, 2024
Tracked Since Feb 18, 2026