Impact of CVE-2024-34750 on ESXi host
search cancel

Impact of CVE-2024-34750 on ESXi host

book

Article ID: 372220

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Analysing the impact of vulnerability CVE-2024-34750 on ESXi host

Environment

vSphere ESXi

Cause

This issue occurs due to improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. 

Resolution

ESXi does not utilize Apache Tomcat and hence, is not impacted by this vulnerability.