CVE-2023-28709Off-by-one Error in Software Foundation Apache Tomcat

CWE-193Off-by-one Error9 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 40.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apache Software Foundation Apache TomcatApache TomcatDebian Linux
Timeline
PublishedMay 22
Latest updateOct 15

Description

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDapache/tomcat8.5.858.5.87+3
CVEListV5apache_software_foundation/apache_tomcat11.0.0-M211.0.0-M4+3

Also affects: Debian Linux 12.0

🔴Vulnerability Details

4
OSV
Apache Tomcat - Fix for CVE-2023-24998 was incomplete2023-07-06
GHSA
Apache Tomcat - Fix for CVE-2023-24998 was incomplete2023-07-06
OSV
CVE-2023-28709: The fix for CVE-2023-24998 was incomplete for Apache Tomcat 112023-05-22
CVEList
Apache Tomcat: Fix for CVE-2023-24998 is incomplete2023-05-22

📋Vendor Advisories

4
Oracle
Oracle Oracle Commerce Risk Matrix: Workbench, Endeca Application Controller, Content Acquisition System (Apache Tomcat) — CVE-2023-287092023-10-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: DBPlugin (Apache Tomcat) — CVE-2023-287092023-07-15
Red Hat
tomcat: Fix for CVE-2023-24998 was incomplete2023-05-22
Debian
CVE-2023-28709: tomcat10 - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-...2023
CVE-2023-28709 — Off-by-one Error | cvebase