Article - CS423887
Apache Tomcat Denial of Service vulnerability CVE-2024-34750 on Windchill
Modified: 01-Aug-2024
Applies To
- Windchill PDMLink 12.0 to 13.0
Description
- The CVE NVD - CVE-2024-34750 (nist.gov) is on Apache Tomcat version and affects 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.
- Current latest windchill version is using Apache Tomcat 9.0.89.
- The CVE will have an impact while processing the HTTP/2 streams.
- HTTP/2 was not implemented in Windchill 12.0.2 or 12.1.x release and it does not use HTTP/2 in any of the 12.0.2.x or 12.1.x . Thus, the Windchill 12.0.2.x and 12.1.x are not impacted by this CVE.
- HTTP/2 is implemented from Windchill 13.0.1 release onwards.
This is a printer-friendly version of Article 423887 and may be out of date. For the latest version click CS423887