跳转到帖子

SUSE: CVE-2023-24998: SUSE Linux Security Advisory

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

SUSE: CVE-2023-24998: SUSE Linux Security Advisory

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
02/20/2023
Created
03/13/2023
Added
03/13/2023
Modified
01/28/2025

Description

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Solution(s)

  • suse-upgrade-apache-commons-fileupload
  • suse-upgrade-apache-commons-fileupload-javadoc
  • suse-upgrade-jakarta-commons-fileupload
  • suse-upgrade-jakarta-commons-fileupload-javadoc
  • suse-upgrade-tomcat
  • suse-upgrade-tomcat-admin-webapps
  • suse-upgrade-tomcat-docs-webapp
  • suse-upgrade-tomcat-el-3_0-api
  • suse-upgrade-tomcat-embed
  • suse-upgrade-tomcat-javadoc
  • suse-upgrade-tomcat-jsp-2_3-api
  • suse-upgrade-tomcat-jsvc
  • suse-upgrade-tomcat-lib
  • suse-upgrade-tomcat-servlet-3_1-api
  • suse-upgrade-tomcat-servlet-4_0-api
  • suse-upgrade-tomcat-webapps

References

  • https://attackerkb.com/topics/cve-2023-24998
  • CVE - 2023-24998
  • 引用
  • Mention
    • 查看数 695
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表