CVE-2024-52316
| CVE ID | CVE-2024-52316 |
|---|---|
| CVSS Score | NA |
| Operating System | |
| Affected Versions | |
| Patched Versions | 8.5.106-OL |
| Patch Date | |
| Last Updated Date | |
| Vector String | |
Additional Information
OL CVE Issue Summary:
Fixed an issue in Tomcat’s Jakarta Authentication (JASPIC) integration where a custom ServerAuthContext could throw an exception during authentication without an appropriate HTTP failure status, potentially allowing unauthorized access. Tomcat now defensively handles such uncaught exceptions by treating them as authentication failures and ensuring a proper error response is sent (500, Internal Server Error), preventing request processing from continuing.
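The same fail-closed handling can also be applied inside an application that ships its own ServerAuthContext. The decorator below is an added example, not Tomcat's code or the patch itself; the class name `FailClosedServerAuthContext` is hypothetical, and the `javax.*` packages are assumed because the patched version listed is on the 8.5 line (newer Tomcat lines use the `jakarta.*` equivalents).

```java
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.ServerAuthContext;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Hypothetical wrapper: any exception escaping the wrapped context's
// validateRequest() becomes an explicit authentication failure with HTTP 500.
public final class FailClosedServerAuthContext implements ServerAuthContext {
    private final ServerAuthContext delegate;

    public FailClosedServerAuthContext(ServerAuthContext delegate) {
        this.delegate = delegate;
    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                      Subject serviceSubject) throws AuthException {
        try {
            return delegate.validateRequest(messageInfo, clientSubject, serviceSubject);
        } catch (AuthException | RuntimeException e) {
            // Never let the request continue on an unexpected error.
            Object response = messageInfo.getResponseMessage();
            if (response instanceof HttpServletResponse) {
                HttpServletResponse http = (HttpServletResponse) response;
                if (!http.isCommitted()) {
                    try {
                        http.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    } catch (IOException ignored) {
                        // The failure status below still stops the request.
                    }
                }
            }
            return AuthStatus.SEND_FAILURE;
        }
    }

    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject)
            throws AuthException {
        return delegate.secureResponse(messageInfo, serviceSubject);
    }

    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        delegate.cleanSubject(messageInfo, subject);
    }
}
```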