...
Apache Tomcat CVE score Critical and High
| date | CVE | description | versions | Risk for Delft-FEWS | JIRA | upgrade strategy |
|---|---|---|---|---|---|---|
| May 2023 | CVE-2022-28079 | The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector |
| settings were used such that the maxParameterCount could be reached |
| using query string parameters and a request was submitted that supplied |
| exactly maxParameterCount parameters in the query string, the limit for |
| uploaded request parts could be bypassed with the potential for a denial |