Rewterz Threat Advisory – CVE-2023-28709 – Apache Tomcat Vulnerability

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC WS Series Vulnerability

May 22, 2023

Rewterz Threat Advisory – Multiple Apple Safari, iOS and iPadOS Vulnerabilities

May 23, 2023

Rewterz Threat Advisory – CVE-2023-28709 – Apache Tomcat Vulnerability

Severity

High

Analysis Summary

CVE-2023-28709

Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix for CVE-2023-24998 related to the failure to limit the number of request parts to be processed in the file upload function. By sending a specially crafted request using query string parameters, a remote attacker could exploit this vulnerability to cause a denial of service.

Impact

Denial of Service

Indicators Of Compromise

CVE

CVE-2023-28709

Affected Vendors

Apache

Affected Products

Apache Tomcat 8.5.85
Apache Tomcat 9.0.71
Apache Tomcat 10.1.5
Apache Tomcat 11.0.0-M2

Remediation

Upgrade to the latest version of Apache Tomcat, available from the Apache Web site.

Apache Web site

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC WS Series Vulnerability

Rewterz Threat Advisory – Multiple Apple Safari, iOS and iPadOS Vulnerabilities

Rewterz Threat Advisory – CVE-2023-28709 – Apache Tomcat Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan