CVE-2023-28709

Apache Tomcat - Fix for CVE-2023-24998 was incomplete

Description

The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

Score Vector

Affected Versions

Severity

Ecosystem

Java

Publish Date

July 6, 2023

Modified Date

April 24, 2024