How severe is CVE-2024-52317?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-52317?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2024-52317

MEDIUM Year: 2024

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-326

View all →

Vulnerability Description

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

CVE-2015-5361

MEDIUM

CVSS:6.5(Medium)

Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific...

CWE-3262015

CVE-2016-3019

MEDIUM

CVSS:6.5(Medium)

IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.

CWE-3262016

CVE-2017-3971

MEDIUM

CVSS:6.5(Medium)

Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyph...

CWE-3262017

CVE-2017-9645

MEDIUM

CVSS:6.5(Medium)

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 an...

CWE-3262017

CVE-2018-5461

MEDIUM

CVSS:6.5(Medium)

An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vuln...

CWE-3262018

CVE-2019-10638

MEDIUM

CVSS:6.5(Medium)

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to mul...

CWE-3262019

CVE-2024-52317

Vulnerability Description

Related Vulnerabilities

CVE-2015-5361

CVE-2016-3019

CVE-2017-3971

CVE-2017-9645

CVE-2018-5461

CVE-2019-10638