How severe is CVE-2023-28709?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-28709?

This is classified as CWE-193, which is a common weakness in software security.

CVE-2023-28709 - HIGH Severity | CVSS 7.5

Vulnerability Description

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

Related Vulnerabilities

CVE-1999-1568

HIGH

CVSS:7.5(High)

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.

CWE-1931999

CVE-2002-1721

HIGH

CVSS:7.5(High)

Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.

CWE-1932002

CVE-2002-1745

HIGH

CVSS:7.5(High)

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, ...

CWE-1932002

CVE-2003-0625

HIGH

CVSS:7.5(High)

Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the ser...

CWE-1932003

CVE-2006-4574

HIGH

CVSS:7.5(High)

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an...

CWE-1932006

CVE-2014-8182

HIGH

CVSS:7.5(High)

An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with craf...

CWE-1932014