CVE-2023-28709

Опубликовано: 22 мая 2023

Источник: ubuntu

Приоритет: medium

CVSS3: 7.5

Описание

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage
lunar	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-28709

CVSS3: 7.5

redhat

около 2 лет назад

CVE-2023-28709

CVSS3: 7.5

nvd

около 2 лет назад

CVE-2023-28709

CVSS3: 7.5

debian

около 2 лет назад

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 ...

SUSE-SU-2023:2504-1

suse-cvrf

около 2 лет назад

Security update for tomcat

SUSE-SU-2023:2319-1

suse-cvrf

около 2 лет назад

Security update for tomcat

7.5 High

CVSS3

CVE-2023-28709

Описание

Пакет tomcat9

Ссылки на источники

Связанные уязвимости