{"vulnerability": "CVE-2024-2454", "sightings": [{"uuid": "803ee14a-8373-4bb7-8ddf-f1cf26840036", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24549", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4308", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-24549\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.\n\ud83d\udccf Published: 2024-03-13T18:31:34Z\n\ud83d\udccf Modified: 2025-02-13T19:07:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-24549\n2. https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96\n3. https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5\n4. https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0\n5. https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843\n6. https://github.com/apache/tomcat\n7. https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg\n8. https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html\n9. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B\n10. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55\n11. https://security.netapp.com/advisory/ntap-20240402-0002\n12. http://www.openwall.com/lists/oss-security/2024/03/13/3", "creation_timestamp": "2025-02-13T19:13:25.000000Z"}, {"uuid": "4c3fe642-0699-4bc6-ba3a-70db4da03de5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24549", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9355", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aProof of concept of the CVE-2024-24549, Exploit in Python. \nURL\uff1ahttps://github.com/JFOZ1010/CVE-2024-24549\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-09T05:02:48.000000Z"}, {"uuid": "3d9fd3c1-227e-4edc-9338-55f1984ad8fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24549", "type": "seen", "source": "https://t.me/ctinow/206948", "content": "https://ift.tt/3H97eQL\nCVE-2024-24549", "creation_timestamp": "2024-03-13T17:37:17.000000Z"}, {"uuid": "0a6bb65b-ec71-499b-beab-5fd0e12c5c22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24548", "type": "seen", "source": "https://t.me/ctinow/191203", "content": "https://ift.tt/bl5aoQU\nCVE-2024-24548 | Simplesite Payment EX up to 1.1.5b information disclosure", "creation_timestamp": "2024-02-22T21:51:55.000000Z"}, {"uuid": "52abcc7c-50a9-4b71-9b27-d3a34c125100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24549", "type": "seen", "source": "https://t.me/ctinow/208254", "content": "https://ift.tt/jro6c1M\nCVE-2024-24549", "creation_timestamp": "2024-03-14T22:56:57.000000Z"}, {"uuid": "35cad282-2f39-4cb7-a1a3-e801ee7fdbd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24543", "type": "seen", "source": "https://t.me/ctinow/179547", "content": "https://ift.tt/3d5joRU\nCVE-2024-24543", "creation_timestamp": "2024-02-05T22:31:59.000000Z"}, {"uuid": "8c607968-78c4-4a82-8633-905e7d11d6ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24543", "type": "seen", "source": "https://t.me/ctinow/196469", "content": "https://ift.tt/jFiz3lS\nCVE-2024-24543 | Tenda AC9 15.03.06.42_multi setSchedWifi buffer overflow", "creation_timestamp": "2024-02-29T10:26:12.000000Z"}, {"uuid": "9c5af90d-7c2c-421a-b324-580da122a0ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24543", "type": "seen", "source": "https://t.me/ctinow/185016", "content": "https://ift.tt/caUqEn3\nCVE-2024-24543 Exploit", "creation_timestamp": "2024-02-14T21:16:32.000000Z"}, {"uuid": "b10c1f36-1685-4a4e-9ec1-afdf5a9aa441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24548", "type": "seen", "source": "https://t.me/ctinow/177379", "content": "https://ift.tt/wef6zXH\nCVE-2024-24548", "creation_timestamp": "2024-02-01T08:31:09.000000Z"}]}