漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Tomcat: Fix for CVE-2023-24998 is incomplete
Vulnerability Description
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
CVSS Information
N/A
Vulnerability Type
Off-by-one错误
Vulnerability Title
Apache Tomcat 安全漏洞
Vulnerability Description
Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page(JSP)的支持。 Apache Tomcat存在安全漏洞。攻击者利用该漏洞导致系统拒绝服务。以下版本受到影响:11.0.0-M2版本至11.0.0-M4版本、10.1.5版本至10.1.7版本、9.0.71版本至9.0.73版本、8.5.85版本至8.5.87版本。
CVSS Information
N/A
Vulnerability Type
N/A