{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-28709","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","state":"PUBLISHED","assignerShortName":"apache","dateReserved":"2023-03-21T17:28:47.353Z","datePublished":"2023-05-22T10:08:49.541Z","dateUpdated":"2025-02-13T16:48:49.704Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Apache Tomcat","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"11.0.0-M4","status":"affected","version":"11.0.0-M2","versionType":"semver"},{"lessThanOrEqual":"10.1.7","status":"affected","version":"10.1.5","versionType":"semver"},{"lessThanOrEqual":"9.0.73","status":"affected","version":"9.0.71","versionType":"semver"},{"lessThanOrEqual":"8.5.87","status":"affected","version":"8.5.85","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Chenwei Jiang, Chenfeng Nie and Yue Yang from the Huawei Nebula Security Lab"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><p>The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP       connector settings were used such that the maxParameterCount&nbsp;could be reached using query string parameters and a request was       submitted that supplied exactly maxParameterCount parameters&nbsp;<span style=\"background-color: var(--wht);\">in the query string, the limit for uploaded request parts could be&nbsp;</span><span style=\"background-color: var(--wht);\">bypassed with the potential for a denial of service to occur.</span></p></div><br>"}],"value":"The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP       connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was       submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur."}],"metrics":[{"other":{"content":{"text":"moderate"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-193","description":"CWE-193 Off-by-one Error","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2023-10-11T06:06:25.936Z"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"},{"url":"http://www.openwall.com/lists/oss-security/2023/05/22/1"},{"url":"https://security.gentoo.org/glsa/202305-37"},{"url":"https://security.netapp.com/advisory/ntap-20230616-0004/"},{"url":"https://www.debian.org/security/2023/dsa-5521"}],"source":{"discovery":"EXTERNAL"},"title":"Apache Tomcat: Fix for CVE-2023-24998 is incomplete","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T13:43:23.741Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"},{"url":"http://www.openwall.com/lists/oss-security/2023/05/22/1","tags":["x_transferred"]},{"url":"https://security.gentoo.org/glsa/202305-37","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20230616-0004/","tags":["x_transferred"]},{"url":"https://www.debian.org/security/2023/dsa-5521","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-02-20T15:15:57.637239Z","id":"CVE-2023-28709","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-20T18:13:44.180Z"}}]}}