Rewterz Threat Advisory – CVE-2023-25613 – Apache Kerby Vulnerability

February 21, 2023

Rewterz Threat Advisory – CVE-2023-25653 – Cisco node-jose Vulnerability

February 21, 2023

Rewterz Threat Advisory – CVE-2023-24998 – Apache Commons FileUpload and Tomcat Vulnerability

February 21, 2023

Severity

High

Analysis Summary

CVE-2023-24998

Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Impact

Denial of Service

Indicators Of Compromise

CVE

CVE-2023-24998

Affected Vendors

Apache

Affected Products

Apache Tomcat 10.1.0-M1
Apache Tomcat 10.1.4
Apache Commons FileUpload 1.0-beta-1
Apache Commons FileUpload 1.4

Remediation

Upgrade to the latest version of Apache Commons FileUpload, Apache Tomcat, available from the Apache Website.

Apache Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Python RAT Uses Discord Interface to Execute Remote Attacks

Critical Alert: Jordanian Banks Under Siege by Everest Ransomware Group

The SocGholish-RansomHub Connection – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2023-25613 – Apache Kerby Vulnerability

Rewterz Threat Advisory – CVE-2023-25653 – Cisco node-jose Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.