Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
CVE-2023-28709
Denial of Service. If non-default HTTP connector settings were used such
that the maxParameterCount could be reached using query string parameters
and a request was submitted that supplied exactly maxParameterCount
parameters in the query string, the limit for uploaded request parts could
be bypassed with the potential for a denial of service to occur.
CVE-2023-41080
Open redirect. If the ROOT (default) web application is configured to use
FORM authentication then it is possible that a specially crafted URL could
be used to trigger a redirect to a URL of the attacker's choice.
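As an added illustration (not Tomcat's code, and not a substitute for upgrading to a fixed version), this is the kind of validation a post-login redirect target needs so that a crafted URL saved before authentication cannot send the browser off-site; the function names and the sample targets are my own.

```python
from urllib.parse import urlsplit, unquote


def is_safe_local_redirect(target: str) -> bool:
    """Return True only if `target` is a path served by this application.

    Rejects absolute URLs, protocol-relative "//host" forms, the backslash
    variant "/\\host" that browsers normalise to "//host", and percent-encoded
    versions of the same, all of which would leave the current origin.
    """
    if not target:
        return False
    # Decode once so %2F / %5C are judged the same way as literal slashes.
    candidate = unquote(target)
    # Control characters and whitespace are stripped by some browsers before
    # parsing, so a target containing them is not trustworthy.
    if any(ord(ch) < 0x20 or ch in " \t\r\n" for ch in candidate):
        return False
    # Must be an absolute path on this origin, e.g. "/account/home".
    if not candidate.startswith("/"):
        return False
    # "//host/..." and "/\host/..." are treated as a new authority by browsers.
    if candidate[1:2] in ("/", "\\"):
        return False
    parts = urlsplit(candidate)
    # Anything with a scheme or host component points elsewhere.
    if parts.scheme or parts.netloc:
        return False
    return True


def safe_redirect(target: str, default: str = "/") -> str:
    """Return `target` if it stays on-site, otherwise the application default."""
    return target if is_safe_local_redirect(target) else default


if __name__ == "__main__":
    # Constructed sample targets: the first two stay on-site, the rest do not.
    for sample in ("/account/home", "/page?next=https://x",
                   "//attacker.example/", "/\\attacker.example/",
                   "%2F%2Fattacker.example", "https://attacker.example/"):
        print(f"{sample!r:32} -> {safe_redirect(sample)}")
```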
CVE-2023-42795
Information Disclosure. When recycling various internal objects, including
the request and the response, prior to re-use by the next request/response,
an error could cause Tomcat to skip some parts of the recycling process
leading to information leaking from ...