CVE Vulnerabilities

CVE-2023-28709

Off-by-one Error

Published: May 22, 2023 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

Weakness

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Affected Software

Name Vendor Start Version End Version
Tomcat Apache 8.5.85 (including) 8.5.87 (including)
Tomcat Apache 9.0.71 (including) 9.0.73 (including)
Tomcat Apache 10.1.5 (including) 10.1.7 (including)
Tomcat Apache 11.0.0-milestone2 (including) 11.0.0-milestone2 (including)
Tomcat Apache 11.0.0-milestone3 (including) 11.0.0-milestone3 (including)
Tomcat Apache 11.0.0-milestone4 (including) 11.0.0-milestone4 (including)
JWS 5.7.4 release RedHat tomcat *
Red Hat Enterprise Linux 8 RedHat tomcat-1:9.0.62-27.el8_9 *
Red Hat Enterprise Linux 9 RedHat tomcat-1:9.0.62-37.el9_3 *
Red Hat JBoss Web Server 5.7 on RHEL 7 RedHat jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws *
Red Hat JBoss Web Server 5.7 on RHEL 8 RedHat jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws *
Red Hat JBoss Web Server 5.7 on RHEL 9 RedHat jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws *
Tomcat9 Ubuntu bionic *
Tomcat9 Ubuntu kinetic *
Tomcat9 Ubuntu lunar *
Tomcat9 Ubuntu mantic *
Tomcat9 Ubuntu trusty *
Tomcat9 Ubuntu xenial *

Potential Mitigations

References