SUSE CVE-2023-28709

🗓️ 14 Feb 2025 06:31:41Reported by Suse CVEType

Incomplete patch in Apache Tomcat could allow denial of service when non-default HTTP connector reaches maximum parameter count via query string.

Reporter	Title	Published	Views	Family All 184
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server	31 Oct 202315:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat, Apache Commons FileUpload and Apache Axis might affect IBM Storage Copy Data Management	22 Mar 202416:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2023-28709 ) affects Power HMC	16 Aug 202317:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	24 Oct 202319:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus is vulnerable to a denial of service due to Apache Tomcat (CVE-2023-28709)	22 Jun 202316:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2023-28709)	29 Jun 202314:57	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-28709)	12 Jul 202316:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities.	26 Mar 202503:51	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in openssh and libssh libraries (CVE-2023-28709) affects Power HMC	15 Dec 202508:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	24 Aug 202309:23	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
SUSE Linux Enterprise Server	12.2	any	tomcat	8.0.53-29.66.1	tomcat-8.0.53-29.66.1.noarch.rpm
SUSE Linux Enterprise Server	12.3	any	tomcat	8.0.53-29.66.1	tomcat-8.0.53-29.66.1.noarch.rpm
SUSE Linux Enterprise Server	16.0	any	tomcat	9.0.108-160000.1.2	tomcat-9.0.108-160000.1.2.noarch.rpm
SUSE Linux Enterprise Server	12.5	any	tomcat	9.0.115-3.160.1	tomcat-9.0.115-3.160.1.noarch.rpm
SUSE Linux Enterprise Server	15.1	any	tomcat	9.0.36-150100.4.93.1	tomcat-9.0.36-150100.4.93.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.1	any	tomcat	9.0.36-150100.4.93.1	tomcat-9.0.36-150100.4.93.1.noarch.rpm
SUSE Linux Enterprise Server	12.4	any	tomcat	9.0.36-3.105.1	tomcat-9.0.36-3.105.1.noarch.rpm
SUSE Linux Enterprise Server	12.5	any	tomcat	9.0.36-3.105.1	tomcat-9.0.36-3.105.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	12.4	any	tomcat	9.0.36-3.105.1	tomcat-9.0.36-3.105.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	12.5	any	tomcat	9.0.36-3.105.1	tomcat-9.0.36-3.105.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2023-28709
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1211608
bugzilla	www.bugzilla.suse.com/1228313
lists	www.lists.suse.com/pipermail/sle-updates/2023-May/029581.html
lists	www.lists.suse.com/pipermail/sle-updates/2023-May/029580.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2023-June/015175.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2023-June/015174.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html

06 Jun 2026 04:56Current

8.7High risk

Vulners AI Score8.7

CVSS 3.17.5

EPSS0.51547