CVSS: 7.5EPSS: 81%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 1CVE-2023-41080 – Apache Tomcat: Open redirect with FORM authentication
https://notcve.org/view.php?id=CVE-2023-41080
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. Vulnerabilidad de redirección de URL a sitio no fiable ('Open Redirect') en la función de autenticación FORM de Apache Tomcat. Este problema afecta a Apache Tomcat: de 11.0.0-M1 a 11.0.0-M10, de 10.1.0-M1 a 10.0.12, de 9.0.0-M1 a 9.0.79 y de 8.5.0 a 8.5.92. La vulnerabilidad se limita a la aplicación web ROOT (por defecto). A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. • https://github.com/shiomiyan/CVE-2023-41080 https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://security.netapp.com/advisory/ntap-20230921-0006 https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://access.redhat.com/security/cve/CVE-2023-41080 https://bugzilla.redhat.com/show_bug.cgi?id=2235370 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-28709 – Apache Tomcat: Fix for CVE-2023-24998 is incomplete
https://notcve.org/view.php?id=CVE-2023-28709
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. • http://www.openwall.com/lists/oss-security/2023/05/22/1 https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j https://security.gentoo.org/glsa/202305-37 https://security.netapp.com/advisory/ntap-20230616-0004 https://www.debian.org/security/2023/dsa-5521 https://access.redhat.com/security/cve/CVE-2023-28709 https://bugzilla.redhat.com/show_bug.cgi?id=2210321 • CWE-193: Off-by-one Error •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-28708 – Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations
https://notcve.org/view.php?id=CVE-2023-28708
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. • https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 https://access.redhat.com/security/cve/CVE-2023-28708 https://bugzilla.redhat.com/show_bug.cgi?id=2180856 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-523: Unprotected Transport of Credentials •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-45143 – Apache Tomcat: JsonErrorReportValve escaping
https://notcve.org/view.php?id=CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values. • https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj https://security.gentoo.org/glsa/202305-37 https://access.redhat.com/security/cve/CVE-2022-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2158695 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-116: Improper Encoding or Escaping of Output •