CVE-2023-28709

Aliases:GHSA-cx6h-86xw-9x34BIT-tomcat-2023-28709
Advisory lineage Upstream: 0 Downstream: 14
Modified
Published: 22 May 2023, 10:08
Last modified:13 Feb 2025, 16:48

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
v3.1 (nvd)
EPSS Score
0.52% LOW
1% probability +0.16%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

22 May 2023, 10:08
Published
Vulnerability first disclosed
13 Feb 2025, 16:48
Last Modified
Vulnerability information updated

Description

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.52% Percentile: 67%

Techniques & Countermeasures

  • CWE-193Off-by-one Error

    A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Affected Systems

  • apache software foundationapache tomcat

    ≥ 11.0.0-M2, ≤ 11.0.0-M4 | ≥ 10.1.5, ≤ 10.1.7 | ≥ 9.0.71, ≤ 9.0.73 | ≥ 8.5.85, ≤ 8.5.87

  • UnknownTomcat

    ≥ 8.5.85, ≤ 8.5.87 | ≥ 9.0.71, ≤ 9.0.73 | ≥ 10.1.5, ≤ 10.1.7 | 11.0.0:milestone2 | 11.0.0:milestone3 | 11.0.0:milestone4

  • debiandebian_linux

    12.0

  • org.apache.tomcattomcat-coyote

    ≥ 8.5.85, < 8.5.88

  • org.apache.tomcat.embedtomcat-embed-core

    ≥ 11.0.0-M2, < 11.0.0-M5 | ≥ 10.1.5, < 10.1.8 | ≥ 9.0.71, < 9.0.74

  • netapp7-mode_transition_tool

    na

References (16)