CVE-2023-28709 - Denial of Service (DoS)

Severity: None2023-07-26

Security Advisories

Abstract

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

The Oxygen products incorporate Apache Tomcat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen XML Web Author v25.1.0.1 and olderNone N/A

Mitigation

None

Detail

CVE-2023-28709

Severity: High

CVSS Score: 7.5

The Apache Tomcat third-party library used by Oxygen XML Web Author is an affected version mentioned in CVE-2023-28709 vulnerability description. However, since default HTTP connector settings are used, this vulnerability does not affect Oxygen XML Web Author.

List of Security Advisories

Video Tutorials
Upcoming Events
webinar
Oxygen AI Positron: Your Helper in All Stages of Content Creation
May 8, 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor