CVE-2024-23672: CWE-459 Incomplete Cleanup in Apache Software Foundation Apache Tomcat
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
AI Analysis
Technical Summary
CVE-2024-23672 is a vulnerability classified under CWE-459 (Incomplete Cleanup) affecting multiple versions of Apache Tomcat, a widely used Java-based web server and servlet container. The issue stems from improper cleanup of WebSocket connections, which allows malicious or misbehaving WebSocket clients to keep connections open indefinitely. This behavior leads to increased resource consumption on the server, such as memory and file descriptors, potentially resulting in denial of service (DoS) conditions where legitimate users cannot access services. The affected versions span from early milestone releases (M1) to recent stable releases across Tomcat 8.5.x, 9.0.x, 10.1.x, and 11.0.x branches. Exploitation requires network access and low privileges but no user interaction, making it relatively easy to attempt. The CVSS v3.1 base score is 6.3 (medium), reflecting the moderate impact on availability and limited impact on confidentiality and integrity. No public exploits have been reported yet, but the vulnerability poses a risk in environments heavily utilizing WebSocket connections. The Apache Software Foundation has addressed the issue in newer releases (8.5.99, 9.0.86, 10.1.19, 11.0.0-M17), and users are strongly advised to upgrade. The vulnerability is particularly relevant for applications relying on real-time communication via WebSockets, common in modern web applications and services.
Potential Impact
For European organizations, the primary impact of CVE-2024-23672 is the risk of denial of service due to resource exhaustion caused by persistent WebSocket connections. This can disrupt critical web applications, customer-facing portals, and internal services that depend on Apache Tomcat, leading to downtime and potential loss of business continuity. Organizations in sectors such as finance, government, telecommunications, and e-commerce, which often deploy Tomcat-based applications, may face operational disruptions. The vulnerability could also increase operational costs due to the need for emergency incident response and potential reputational damage if services become unavailable. While confidentiality and integrity impacts are low, the availability impact can be significant, especially if exploited at scale or combined with other attack vectors. Given the widespread use of Tomcat in Europe, unpatched systems represent a notable risk vector for service outages.
Mitigation Recommendations
To mitigate CVE-2024-23672, organizations should:
1) Immediately upgrade Apache Tomcat to the fixed versions 8.5.99, 9.0.86, 10.1.19, or 11.0.0-M17 as appropriate.
2) Implement WebSocket connection limits and timeouts at the application or server level to prevent clients from holding connections indefinitely.
3) Monitor WebSocket traffic patterns and resource utilization to detect abnormal connection persistence or spikes indicative of attempted exploitation.
4) Employ network-level controls such as rate limiting and connection throttling on firewalls or load balancers to mitigate potential abuse.
5) Review and harden server configurations to ensure resource cleanup mechanisms are effective.
6) Conduct regular vulnerability assessments and penetration testing focused on WebSocket implementations.
7) Educate development and operations teams about the risks associated with WebSocket misuse and the importance of timely patching.
These steps go beyond generic advice by focusing on WebSocket-specific controls and proactive monitoring tailored to this vulnerability.
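As an added example (not code from this page or from the Tomcat project), a Jakarta WebSocket endpoint that implements recommendation 2 on Tomcat 10.1/11: a per-session idle timeout plus a cap on concurrent sessions, so a client that stops sending frames is closed by the container and the server never holds more than a bounded number of sessions. The endpoint path, the class name and the limit values are hypothetical; the `jakarta.websocket` calls are the standard API (Tomcat 8.5/9 use the `javax.websocket` package instead). It complements, and does not replace, upgrading to a fixed release.

```java
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import jakarta.websocket.CloseReason;
import jakarta.websocket.OnClose;
import jakarta.websocket.OnOpen;
import jakarta.websocket.Session;
import jakarta.websocket.server.ServerEndpoint;

/** Hypothetical endpoint: bounds concurrent sessions and closes idle ones. */
@ServerEndpoint("/events")
public class BoundedEventsEndpoint {
    // Assumed limits; tune to the deployment's real capacity.
    static final int MAX_CONCURRENT_SESSIONS = 500;
    static final long IDLE_TIMEOUT_MS = TimeUnit.SECONDS.toMillis(30);
    private static final AtomicInteger OPEN = new AtomicInteger();
    private static final String COUNTED = "counted";

    @OnOpen
    public void onOpen(Session session) throws IOException {
        if (OPEN.incrementAndGet() > MAX_CONCURRENT_SESSIONS) {
            OPEN.decrementAndGet(); // never admitted, so never counted
            session.close(new CloseReason(
                    CloseReason.CloseCodes.TRY_AGAIN_LATER, "Too many open WebSocket sessions"));
            return;
        }
        session.getUserProperties().put(COUNTED, Boolean.TRUE);
        // Tomcat closes the session (and runs @OnClose) if no frames arrive within this window.
        session.setMaxIdleTimeout(IDLE_TIMEOUT_MS);
    }

    @OnClose
    public void onClose(Session session) {
        // Decrement only for admitted sessions; @OnClose also runs after the rejecting close above.
        if (session.getUserProperties().remove(COUNTED) != null) {
            OPEN.decrementAndGet();
        }
    }
}
```

A container-wide default for endpoints that never call `setMaxIdleTimeout` can be set with `ServerContainer.setDefaultMaxSessionIdleTimeout` from a `ServletContextListener`. Note that an idle timeout bounds inactivity only; a client that keeps sending frames is bounded by the session cap, not by lifetime.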
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: apache
- Date Reserved: 2024-01-19T11:44:18.348Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690204523aaa02566521b4fa
Added to database: 10/29/2025, 12:10:58 PM
Last enriched: 10/29/2025, 12:21:48 PM
Last updated: 10/30/2025, 1:34:43 PM