{"uuid": "c6968722-3d09-4583-902a-b792596782e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28709", "type": "seen", "source": "https://t.me/cibsecurity/64516", "content": "\u203c CVE-2023-28709 \u203c\n\nThe fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T14:25:26.000000Z"}