12 matches found

Tenable Nessus
added 2023/09/27 12:0 a.m., 48 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-001)

The version of tomcat installed on the remote host is prior to 9.0.76-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2023-001 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and...

7.5 CVSS | 7.7 AI score | 0.339 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2023/09/26 12:0 a.m., 12 views

Atlassian Confluence 7.19.7 < 7.19.11 Tomcat Dependancy Vulnerabilty

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.15 prior to 7.13.19, 7.19.7 prior to 7.19.11 or 8.1.1 prior to 8.4.1. It is, therefore, affected by a vulnerability in the bundled Apache Tomcat. If non-default HTTP connector...

7.5 CVSS | 7.4 AI score | 0.00516 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2023/08/16 12:0 a.m., 54 views

Atlassian Confluence 7.13.15 < 7.13.19 / 7.19.7 < 7.19.11 / 8.1.1 < 8.4.1 DoS (CONFSERVER-90185)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-90185 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If...

7.5 CVSS | 7.6 AI score | 0.339 EPSS
Exploits: 1 | References: 2
Github Security Blog
added 2023/07/06 9:14 p.m., 47 views

Apache Tomcat - Fix for CVE-2023-24998 was incomplete

The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded...

7.5 CVSS | 6.7 AI score | 0.339 EPSS
Exploits: 1 | References: 15 | Affected Software: 2
OSV
added 2023/07/06 9:14 p.m., 1 view

GHSA-CX6H-86XW-9X34 Apache Tomcat - Fix for CVE-2023-24998 was incomplete

The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded...

7.5 CVSS | 7 AI score | 0.00516 EPSS
Exploits: 1 | References: 15
Tenable Nessus
added 2023/06/14 12:0 a.m., 18 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2023:2505-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2505-1 advisory. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the...

7.5 CVSS | 7.6 AI score | 0.339 EPSS
Exploits: 1 | References: 7
Tenable Nessus
added 2023/05/24 12:0 a.m., 35 views

Apache Tomcat 11.0.0.M2 < 11.0.0.M5 DoS

The version of Tomcat installed on the remote host is prior to 11.0.0.M5. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.0-m5security-11 advisory. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using...

7.5 CVSS | 8.3 AI score | 0.00516 EPSS
Exploits: 1 | References: 3
CVE
added 2023/05/22 10:8 a.m., 658 views

CVE-2023-28709

The CVE-2023-28709 entry is tied to Apache Tomcat and an incomplete fix for CVE-2023-24998. The issue: when non-default HTTP connector settings allow maxParameterCount to be reached via query string parameters, a request that exactly meets maxParameterCount could bypass the limit for uploaded req...

7.5 CVSS | 7.3 AI score | 0.00516 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Debian CVE
added 2023/05/22 10:8 a.m., 58 views

CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

7.5 CVSS | 7.4 AI score | 0.00516 EPSS
Exploits: 1
UbuntuCve
added 2023/05/22 12:0 a.m., 96 views

CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

7.5 CVSS | 7.3 AI score | 0.00516 EPSS
Exploits: 1 | References: 2
Apache Tomcat
added 2023/04/19 12:0 a.m., 145 views

Fixed in Apache Tomcat 8.5.88

Moderate: Apache Tomcat denial of service CVE-2023-28709 The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount...

7.5 CVSS | 7.8 AI score | 0.339 EPSS
Exploits: 1 | Affected Software: 1
Apache Tomcat
added 2023/04/18 12:0 a.m., 82 views

Fixed in Apache Tomcat 9.0.74

Moderate: Apache Tomcat denial of service CVE-2023-28709 The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount...

7.5 CVSS | 7.8 AI score | 0.339 EPSS
Exploits: 1 | Affected Software: 1