{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T15:24:17.482","vulnerabilities":[{"cve":{"id":"CVE-2023-28709","sourceIdentifier":"security@apache.org","published":"2023-05-22T11:15:09.423","lastModified":"2025-02-13T17:16:16.537","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.85","versionEndIncluding":"8.5.87","matchCriteriaId":"7280B285-9594-4E06-BDAF-AF7731FAEC5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.71","versionEndIncluding":"9.0.73","matchCriteriaId":"47B26F88-1764-45E5-A053-BF5B848074AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.5","versi
onEndIncluding":"10.1.7","matchCriteriaId":"CC9BAE63-AF35-4BB3-900C-C56653716362"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"2AAD52CE-94F5-4F98-A027-9A7E68818CB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"03A171AF-2EC8-4422-912C-547CDB58CAAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*","matchCriteriaId":"7EF6650C-558D-45C8-AE7D-136EE70CB6D7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/05/22/1","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202305-37","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230616-0004/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5521","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/05/22/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor 
Advisory"]},{"url":"https://security.gentoo.org/glsa/202305-37","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230616-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5521","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}