HomePentest-Tools.com Logo

Apache Tomcat DoS Vulnerability (May 2023) - Windows CVE-2023-24998CVE-2023-28709

Severity
CVSSv3 Score
7.5
Vulnerability description

Apache Tomcat is prone to a denial of service (DoS) vulnerability.

Risk description

The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

Recommendation

Update to version 8.5.88, 9.0.74, 10.1.8, 11.0.0-M5 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 20, 2023
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available