CVE-2023-28709

22.05.2023, 11:15

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP       connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was       submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	8.5.85 ≤ 𝑥 ≤ 8.5.87
apache	tomcat	9.0.71 ≤ 𝑥 ≤ 9.0.73
apache	tomcat	10.1.5 ≤ 𝑥 ≤ 10.1.7
apache	tomcat	11.0.0:milestone2
apache	tomcat	11.0.0:milestone3
apache	tomcat	11.0.0:milestone4
debian	debian_linux	12.0
netapp	7-mode_transition_tool	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat10

bookworm	10.1.6-1+deb12u2 fixed
bookworm (security)	10.1.6-1+deb12u2 fixed
sid	10.1.34-1 fixed
trixie	10.1.34-1 fixed

tomcat9

bookworm	9.0.70-2 fixed
bullseye	9.0.43-2~deb11u10 fixed
bullseye (security)	9.0.43-2~deb11u10 fixed
sid	9.0.95-1 fixed
trixie	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat9

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
oracular	needs-triage
trusty	ignored
xenial	ignored

openSUSE / SLES Releases

openSUSE Product

Release

tomcat

suse enterprise sap 12 SP4	9.0.36-3.105.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.105.1 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise sap 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP7	9.0.75-150200.41.1 fixed
suse enterprise server 12 SP2	8.0.53-29.66.1 fixed
suse enterprise server 12 SP3	8.0.53-29.66.1 fixed
suse enterprise server 12 SP4	9.0.36-3.105.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise server 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP7	9.0.75-150200.41.1 fixed

tomcat-admin-webapps

suse enterprise sap 12 SP4	9.0.36-3.105.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.105.1 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise sap 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP7	9.0.75-150200.41.1 fixed
suse enterprise server 12 SP2	8.0.53-29.66.1 fixed
suse enterprise server 12 SP3	8.0.53-29.66.1 fixed
suse enterprise server 12 SP4	9.0.36-3.105.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise server 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP7	9.0.75-150200.41.1 fixed

tomcat-docs-webapp

suse enterprise sap 12 SP4	9.0.36-3.105.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.105.1 fixed
suse enterprise server 12 SP2	8.0.53-29.66.1 fixed
suse enterprise server 12 SP3	8.0.53-29.66.1 fixed
suse enterprise server 12 SP4	9.0.36-3.105.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed

tomcat-el-3_0-api

suse enterprise sap 12 SP4	9.0.36-3.105.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.105.1 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise sap 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP7	9.0.75-150200.41.1 fixed
suse enterprise server 12 SP2	8.0.53-29.66.1 fixed
suse enterprise server 12 SP3	8.0.53-29.66.1 fixed
suse enterprise server 12 SP4	9.0.36-3.105.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise server 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP7	9.0.75-150200.41.1 fixed

tomcat-javadoc

suse enterprise sap 12 SP4	9.0.36-3.105.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.105.1 fixed
suse enterprise server 12 SP2	8.0.53-29.66.1 fixed
suse enterprise server 12 SP3	8.0.53-29.66.1 fixed
suse enterprise server 12 SP4	9.0.36-3.105.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed

tomcat-jsp-2_3-api

suse enterprise sap 12 SP4	9.0.36-3.105.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.105.1 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise sap 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP7	9.0.75-150200.41.1 fixed
suse enterprise server 12 SP2	8.0.53-29.66.1 fixed
suse enterprise server 12 SP3	8.0.53-29.66.1 fixed
suse enterprise server 12 SP4	9.0.36-3.105.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise server 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP7	9.0.75-150200.41.1 fixed

tomcat-lib

suse enterprise sap 12 SP4	9.0.36-3.105.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.105.1 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise sap 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP7	9.0.75-150200.41.1 fixed
suse enterprise server 12 SP2	8.0.53-29.66.1 fixed
suse enterprise server 12 SP3	8.0.53-29.66.1 fixed
suse enterprise server 12 SP4	9.0.36-3.105.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise server 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP7	9.0.75-150200.41.1 fixed

tomcat-servlet-3_1-api

suse enterprise server 12 SP2	8.0.53-29.66.1 fixed
suse enterprise server 12 SP3	8.0.53-29.66.1 fixed

tomcat-servlet-4_0-api

suse enterprise sap 12 SP4	9.0.36-3.105.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.105.1 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise sap 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP7	9.0.75-150200.41.1 fixed
suse enterprise server 12 SP4	9.0.36-3.105.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise server 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP7	9.0.75-150200.41.1 fixed

tomcat-webapps

suse enterprise sap 12 SP4	9.0.36-3.105.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.105.1 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise sap 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise sap 15 SP7	9.0.75-150200.41.1 fixed
suse enterprise server 12 SP2	8.0.53-29.66.1 fixed
suse enterprise server 12 SP3	8.0.53-29.66.1 fixed
suse enterprise server 12 SP4	9.0.36-3.105.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.93.1 fixed
suse enterprise server 15 SP2	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP3	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP4	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP5	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP6	9.0.75-150200.41.1 fixed
suse enterprise server 15 SP7	9.0.75-150200.41.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

tomcat

RHEL 8	1:9.0.62-27.el8_9 fixed
RHEL 9	1:9.0.62-37.el9_3 fixed

tomcat-admin-webapps

RHEL 8	1:9.0.62-27.el8_9 fixed
RHEL 9	1:9.0.62-37.el9_3 fixed

tomcat-docs-webapp

RHEL 8	1:9.0.62-27.el8_9 fixed
RHEL 9	1:9.0.62-37.el9_3 fixed

tomcat-el-3.0-api

RHEL 8	1:9.0.62-27.el8_9 fixed
RHEL 9	1:9.0.62-37.el9_3 fixed

tomcat-jsp-2.3-api

RHEL 8	1:9.0.62-27.el8_9 fixed
RHEL 9	1:9.0.62-37.el9_3 fixed

tomcat-lib

RHEL 8	1:9.0.62-27.el8_9 fixed
RHEL 9	1:9.0.62-37.el9_3 fixed

tomcat-servlet-4.0-api

RHEL 8	1:9.0.62-27.el8_9 fixed
RHEL 9	1:9.0.62-37.el9_3 fixed

tomcat-webapps

RHEL 8	1:9.0.62-27.el8_9 fixed
RHEL 9	1:9.0.62-37.el9_3 fixed

Common Weakness Enumeration

CWE-193 - Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

References

http://www.openwall.com/lists/oss-security/2023/05/22/1

https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j

https://security.gentoo.org/glsa/202305-37

https://security.netapp.com/advisory/ntap-20230616-0004/

https://www.debian.org/security/2023/dsa-5521

http://www.openwall.com/lists/oss-security/2023/05/22/1

https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j

https://security.gentoo.org/glsa/202305-37

https://security.netapp.com/advisory/ntap-20230616-0004/

https://www.debian.org/security/2023/dsa-5521