CVE-2024-23672: 
Java vulnerability analysis and mitigation

CVE-2024-23672 is a Denial of Service vulnerability discovered in Apache Tomcat that affects multiple versions of the software. The vulnerability was identified in Apache Tomcat versions ranging from 11.0.0-M1 through 11.0.0-M16, 10.1.0-M1 through 10.1.18, 9.0.0-M1 through 9.0.85, and 8.5.0 through 8.5.98 (CVE Mitre, NVD).

The vulnerability stems from an incomplete cleanup process in Apache Tomcat's WebSocket implementation. The issue allows WebSocket clients to maintain open connections, which can lead to increased resource consumption on the affected system (OSS Security, Apache List).

When successfully exploited, this vulnerability can result in a Denial of Service (DoS) condition due to increased resource consumption from persistent WebSocket connections. The vulnerability has been assigned a CVSS score of 7.5 (HIGH) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NetApp Advisory).

Users are recommended to upgrade to the fixed versions: Apache Tomcat 11.0.0-M17, 10.1.19, 9.0.86, or 8.5.99, which contain the necessary patches to address this vulnerability (CVE Mitre, Apache List).