Lucene search
K

138 matches found

Veracode
Veracode
added 2023/05/24 5:1 a.m.31 views

Denial Of Service (DoS)

org.apache.tomcat:tomcat-coyote is vulnerable to Denial Of Service DoS. Bypassing the restriction on uploaded request parts may result in a Denial of Service if HTTP connector settings are different from the default. The Denial of Service may occur if a request query string exactly matches the...

7.5CVSS6.8AI score0.51547EPSS
Exploits1References13Affected Software6
Tenable Nessus
Tenable Nessus
added 2023/05/24 12:0 a.m.29 views

Apache Tomcat 10.1.5 < 10.1.8 DoS

The version of Tomcat installed on the remote host is prior to 10.1.8. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.8security-10 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to...

7.5CVSS7.6AI score0.51547EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/05/24 12:0 a.m.36 views

Apache Tomcat 11.0.0.M2 < 11.0.0.M5 DoS

The version of Tomcat installed on the remote host is prior to 11.0.0.M5. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.0-m5security-11 advisory. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using...

7.5CVSS8.3AI score0.51547EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/05/24 12:0 a.m.185 views

Apache Tomcat 8.5.85 < 8.5.88 DoS

The version of Tomcat installed on the remote host is prior to 8.5.88. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.88security-8 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to...

7.5CVSS7.6AI score0.51547EPSS
Exploits1References3
NVD
NVD
added 2023/05/22 11:15 a.m.31 views

CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

7.5CVSS7.9AI score0.51547EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/05/22 10:8 a.m.24 views

CVE-2023-28709 Apache Tomcat: Fix for CVE-2023-24998 is incomplete

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

7.2AI score0.51547EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2023/05/22 10:8 a.m.60 views

CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

7.5CVSS7.4AI score0.51547EPSS
Exploits1
CVE
CVE
added 2023/05/22 10:8 a.m.671 views

CVE-2023-28709

The CVE-2023-28709 entry is tied to Apache Tomcat and an incomplete fix for CVE-2023-24998. The issue: when non-default HTTP connector settings allow maxParameterCount to be reached via query string parameters, a request that exactly meets maxParameterCount could bypass the limit for uploaded req...

7.5CVSS7.3AI score0.51547EPSS
Exploits1References5Affected Software1
Apache Tomcat
Apache Tomcat
added 2023/04/19 12:0 a.m.148 views

Fixed in Apache Tomcat 8.5.88

Moderate: Apache Tomcat denial of service CVE-2023-28709 The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount...

7.5CVSS7.8AI score0.51547EPSS
Exploits1Affected Software1
Apache Tomcat
Apache Tomcat
added 2023/04/19 12:0 a.m.73 views

Fixed in Apache Tomcat 10.1.8

Moderate: Apache Tomcat denial of service CVE-2023-28709 The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount...

7.5CVSS7.8AI score0.51547EPSS
Exploits1Affected Software1
Apache Tomcat
Apache Tomcat
added 2023/04/19 12:0 a.m.80 views

Fixed in Apache Tomcat 11.0.0-M5

Moderate: Apache Tomcat denial of service CVE-2023-28709 The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/19 12:0 a.m.18 views

PT-2023-4888

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M2 through 11.0.0-M4 Apache Tomcat versions 10.1.5 through 10.1.7 Apache Tomcat versions 9.0.71 through 9.0.73 Apache Tomcat versions 8.5.85 through 8.5.87 Bamboo Data Center and Server version 8.1.12 and later,...

10CVSS7.2AI score0.99999EPSS
Exploits194References184
Apache Tomcat
Apache Tomcat
added 2023/04/18 12:0 a.m.84 views

Fixed in Apache Tomcat 9.0.74

Moderate: Apache Tomcat denial of service CVE-2023-28709 The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount...

7.5CVSS7.8AI score0.51547EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2022/12/12 12:39 p.m.69 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.1 release and security update

Red Hat JBoss Web Server 5.7.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...

10CVSS6.9AI score0.95764EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2022/11/02 12:0 a.m.27 views

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.0 (RHSA-2022:7272)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7272 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

7CVSS7.1AI score0.01912EPSS
Exploits15References6
OSV
OSV
added 2022/05/24 4:55 p.m.21 views

GHSA-MWH9-GR45-XVV4 Mule modules contain Directory Traversal

Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway all versions released before August 1, 2019 allow remote attackers to read files accessible to the Mule process...

7.5CVSS7.5AI score0.02998EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 4:55 p.m.24 views

Mule modules contain Directory Traversal

Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway all versions released before August 1, 2019 allow remote attackers to read files accessible to the Mule process...

7.5CVSS6.8AI score0.02998EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/14 2:56 a.m.29 views

GHSA-43V2-6GRP-9PP9 Apache Tomcat does not enforce the maxHttpHeaderSize limit

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

7.5CVSS5.1AI score0.07885EPSS
Exploits0References19
Github Security Blog
Github Security Blog
added 2022/05/14 2:56 a.m.31 views

Apache Tomcat does not enforce the maxHttpHeaderSize limit

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

5CVSS7.1AI score0.07885EPSS
Exploits0References19Affected Software1
OSV
OSV
added 2022/05/14 1:17 a.m.26 views

GHSA-9GGM-7897-X4MG Improper Input Validation in Apache Tomcat

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

4.4CVSS4.4AI score0.00699EPSS
Exploits1References39
Rows per page
Query Builder