1233437 – (CVE-2024-52318) VUL-0: CVE-2024-52318: tomcat,tomcat10,tomcat6: Apache Tomcat: Incorrect JSP tag recycling leads to XSS
Bug 1233437 (CVE-2024-52318) - VUL-0: CVE-2024-52318: tomcat,tomcat10,tomcat6: Apache Tomcat: Incorrect JSP tag recycling leads to XSS
Summary: VUL-0: CVE-2024-52318: tomcat,tomcat10,tomcat6: Apache Tomcat: Incorrect JSP ...
Status: RESOLVED UPSTREAM
Alias: CVE-2024-52318
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/429001/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-11-18 16:03 UTC by SMASH SMASH
Modified: 2024-11-18 16:04 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-11-18 16:03:11 UTC 
Incorrect object recycling and reuse vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.

Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-52318
https://www.cve.org/CVERecord?id=CVE-2024-52318
https://lists.apache.org/thread/co243cw1nlh6p521c5265cm839wkqdp9
https://seclists.org/oss-sec/2024/q4/105
Comment 1 Marcus Meissner 2024-11-18 16:04:45 UTC 
only affected the last minor release, older versions are not affected