
CVE-2023-24998

Published: 20/02/2023 Updated: 21/11/2024

Vulnerability Summary

Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
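The defence the summary describes, shown as an added example (not code from the Commons FileUpload project or from any of the advisories below): a servlet that sets the new part-count cap alongside the two older size caps, all of which are off until configured. It assumes commons-fileupload 1.5 or later on the classpath, a javax.servlet container, and the limit values MAX_PARTS, MAX_FILE_SIZE and MAX_REQUEST_SIZE, which are illustrative choices for this example rather than recommended defaults.

```java
import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

/**
 * Upload handler with all three FileUpload limits set explicitly.
 * Without setFileCountMax (absent before 1.5, unset by default in 1.5)
 * a client can send a body made of thousands of tiny parts and the
 * library will build a FileItem for every one of them.
 */
public class UploadServlet extends HttpServlet {

    // Illustrative values assumed for this example, not project defaults.
    private static final long MAX_PARTS = 10;                       // parts per request
    private static final long MAX_FILE_SIZE = 5L * 1024 * 1024;     // bytes per part
    private static final long MAX_REQUEST_SIZE = 20L * 1024 * 1024; // bytes per request

    private ServletFileUpload newUpload() {
        // Parts above the factory's size threshold are spooled to temp files,
        // so an unbounded part count also means unbounded temp-file creation.
        DiskFileItemFactory factory = new DiskFileItemFactory();
        ServletFileUpload upload = new ServletFileUpload(factory);

        // The CVE-2023-24998 control: cap the number of parts (1.5+ only).
        upload.setFileCountMax(MAX_PARTS);
        // The pre-existing limits, also disabled (-1) unless set.
        upload.setFileSizeMax(MAX_FILE_SIZE);
        upload.setSizeMax(MAX_REQUEST_SIZE);
        return upload;
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!ServletFileUpload.isMultipartContent(req)) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "multipart/form-data expected");
            return;
        }

        List<FileItem> items;
        try {
            // Parsing aborts as soon as any limit is exceeded, so the rest of
            // the body is neither buffered in memory nor spooled to disk.
            items = newUpload().parseRequest(req);
        } catch (FileUploadException e) {
            // Part count, per-part size or request size exceeded; the library
            // signals each with a subclass of FileUploadException.
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE, "upload limit exceeded");
            return;
        }

        try {
            for (FileItem item : items) {
                if (item.isFormField()) {
                    continue; // ordinary form field, left to the application
                }
                // ... store or scan item.getInputStream() here ...
            }
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } finally {
            // Release spooled temp files whatever the outcome.
            for (FileItem item : items) {
                item.delete();
            }
        }
    }
}
```

Upgrading to 1.5 alone changes nothing: the cap only exists once setFileCountMax is called, so a dependency bump without this configuration change leaves the request path as exposed as it was on 1.4. Applications that take uploads through the copy bundled in Tomcat rather than through this API get the equivalent control from the container's own fix (referenced in the Debian advisory below) instead.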

Vulnerable Products

apache commons fileupload

apache commons fileupload 1.0

debian debian linux 9.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1031733 libcommons-fileupload-java: CVE-2023-24998. Package: src:libcommons-fileupload-java; Maintainer for src:libcommons-fileupload-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 21 Feb 2023 15:12:03 ...
Synopsis: Moderate: tomcat security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as h ...
Synopsis: Important: jenkins and jenkins-2-plugins security update. Type/Severity: Security Advisory: Important. Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
Synopsis: Moderate: Red Hat JBoss Web Server 5.7.4 release and security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versio ...
Synopsis: Moderate: tomcat security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as h ...
Synopsis: Moderate: Red Hat JBoss Web Server 5.7.4 release and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as ...
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998: Denial of service. Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Co ...
The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. For the oldstable distribution (bullseye), this problem has bee ...
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadCount variable forced HTTP/2 connections to close early. For the oldstable distribution (bullseye), this problem has been fixed in version 9.0.43-2~deb11u9. We recommend that you u ...
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be ...
Tomcat: Memory leak (CVE-2022-4132). Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is ...
Description: The MITRE CVE dictionary describes this issue as: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads ...
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user names and passwords used to access the JMX interface ...
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by d ...
A packaged renamed copy of Apache Commons FileUpload shipped in Tomcat was vulnerable to denial of service triggered by a malicious upload or series of uploads ...
A vulnerability (CVE-2023-24998) exists in Cosminexus Component Container. Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus Component Container, which is a component product of other Hitachi products. For details about the fixed version about Cosminex ...
A vulnerability (CVE-2023-24998) exists in Hitachi Tuning Manager. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
A vulnerability (CVE-2023-24998) exists in Hitachi Command Suite, Hitachi Configuration Manager and Hitachi Ops Center. Affected products and versions are listed below. Please upgrade your version to the appropriate version. The product name in Hitachi Command Suite is changed in the Hitachi Ops Center series on some products. To find fixed products, ...
A vulnerability (CVE-2023-24998) exists in JP1. Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities may occur when encrypted communications are enabled ...