GHSA-cx6h-86xw-9x34

Suggest an improvement
Source
https://github.com/advisories/GHSA-cx6h-86xw-9x34
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-cx6h-86xw-9x34/GHSA-cx6h-86xw-9x34.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cx6h-86xw-9x34
Aliases
Published
2023-07-06T21:14:59Z
Modified
2024-04-24T19:31:14.904436Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Apache Tomcat - Fix for CVE-2023-24998 was incomplete
Details

The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

References

Affected packages

Maven / org.apache.tomcat.embed:tomcat-embed-core

Package

Name
org.apache.tomcat.embed:tomcat-embed-core
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0-M2
Fixed
11.0.0-M5

Affected versions

11.*

11.0.0-M3
11.0.0-M4

Maven / org.apache.tomcat.embed:tomcat-embed-core

Package

Name
org.apache.tomcat.embed:tomcat-embed-core
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.1.5
Fixed
10.1.8

Affected versions

10.*

10.1.5
10.1.6
10.1.7

Maven / org.apache.tomcat.embed:tomcat-embed-core

Package

Name
org.apache.tomcat.embed:tomcat-embed-core
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.71
Fixed
9.0.74

Affected versions

9.*

9.0.71
9.0.72
9.0.73

Maven / org.apache.tomcat:tomcat-coyote

Package

Name
org.apache.tomcat:tomcat-coyote
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat-coyote

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.5.85
Fixed
8.5.88

Affected versions

8.*

8.5.85
8.5.86
8.5.87