CVE-2023-24998
CVSS V2 None
CVSS V3 None
Description
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
Overview
- CVE ID
- CVE-2023-24998
- Assigner
- security@apache.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-20T16:15:10
- Last Modified Date
- 2023-03-01T15:09:21
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:* | 1 | OR | 1.0 | 1.5 |
| cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy | Mailing List Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-24998 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:59:39 | Added to TrackCVE | |||
| 2023-04-17 07:59:41 | Weakness Enumeration | new |