Lucene search

K
redosRedosROS-20240405-12
HistoryApr 05, 2024 - 12:00 a.m.

ROS-20240405-12

2024-04-0500:00:00
redos.red-soft.ru
9
apache tomcat
application server
vulnerability
incomplete cleanup
resources
input validation
http requests
remote attacker
denial of service
protected information
integrity.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.01

Percentile

83.5%

A vulnerability in the Commons FileUpload component of Apache Tomcat application server exists due to incomplete cleanup of temporary or auxiliary resources.
clearing of temporary or auxiliary resources. Exploitation of the vulnerability could allow an attacker ,
acting remotely, to cause a denial of service

Apache Tomcat Application Server vulnerability exists due to insufficient input validation.
Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

Apache Tomcat application server vulnerability exists due to incomplete clearing of temporary or auxiliary resources.
auxiliary resources. Exploitation of the vulnerability could allow an attacker acting remotely,
disclose protected information

Apache Tomcat application server vulnerability exists due to inconsistent interpretation of HTTP requests.
Exploitation of the vulnerability could allow an attacker acting remotely to affect the
integrity of protected information

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64tomcat< 9.0.83-1UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.01

Percentile

83.5%