CVE-2022-4132

Published: 04/10/2023 Updated: 07/11/2023
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

Tomcat: Memory leak (CVE-2022-4132). Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. (CVE-2023-24998)

Vulnerable Product

dogtagpki network security services for java

redhat enterprise linux 8.0

redhat enterprise linux 9.0

Vendor Advisories

Debian Bug report logs - #1052575: jss: CVE-2022-4132. Package: jss; Maintainer for jss is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Reported by: Markus Koschany <apo@debian.org>; Date: Sun, 24 Sep 2023 21:51:04 UTC; Severity: important; Tags: security, upstream ...
Tomcat: Memory leak (CVE-2022-4132). Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is ...
Description: This CVE is under investigation by Red Hat Product Security ...