...
Apache Tomcat CVE score Critical and High
date | CVE | description | versions | Risk for Delft-FEWS | JIRA | upgrade strategy |
---|---|---|---|---|---|---|
May 2023 | CVE-2022-28079 | The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector |
settings were used such that the maxParameterCount could be reached |
using query string parameters and a request was submitted that supplied |
exactly maxParameterCount parameters in the query string, the limit for |
uploaded request parts could be bypassed with the potential for a denial |