CVE-2024-34750 impact on CA Test Data Manager

Article ID: 372629


Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

Is the CA TDM Portal component impacted by the latest Tomcat vulnerability, CVE-2024-34750?

https://nvd.nist.gov/vuln/detail/CVE-2024-34750

Environment

TDM 4.11.x

Cause

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
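To compare the Tomcat version an installation actually bundles against the ranges above, the following added example (not Broadcom's or Apache's code) parses a version string, such as the `Server version:` line printed by Tomcat's `version.sh`, and reports whether it falls in an affected range. The function names and the sample lines are constructed for illustration.

```python
import re

# Affected ranges and fixed versions, taken from the advisory text above.
AFFECTED = [
    ("11.0.0-M1", "11.0.0-M20", "11.0.0-M21"),
    ("10.1.0-M1", "10.1.24", "10.1.25"),
    ("9.0.0-M1", "9.0.89", "9.0.90"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?")


def parse_version(text):
    """Return a sortable key for the first Tomcat version found in text.

    Milestone builds (-Mn) sort before the final release that carries the
    same major.minor.patch numbers, so 10.1.0-M1 < 10.1.0 < 10.1.1.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    milestone = int(m.group(4)) if m.group(4) else float("inf")
    return (major, minor, patch, milestone)


def check_cve_2024_34750(text):
    """Return (affected, fixed_version) for a version string.

    Only the ranges listed in the advisory are evaluated; a version outside
    them yields (False, None).
    """
    version = parse_version(text)
    for first, last, fixed in AFFECTED:
        if parse_version(first) <= version <= parse_version(last):
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample lines in the format printed by version.sh.
    for line in ("Server version: Apache Tomcat/10.1.24",
                 "Server version: Apache Tomcat/10.1.25",
                 "Server version: Apache Tomcat/11.0.0-M20"):
        affected, fixed = check_cve_2024_34750(line)
        status = f"affected, upgrade to {fixed}" if affected else "not in an affected range"
        print(f"{line} -> {status}")
```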

Resolution

The CA TDM Portal component is impacted by this vulnerability. In the upcoming TDM Portal patch build, the engineering team will upgrade the bundled Tomcat version to 10.1.25, as suggested in the CVE remediation.

Once released, the latest TDM Portal patch build will be available for download at the following location:

- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/release-announcements/Test-Data-Manager-TDM-Patches/16649#TDM4.11