CVE-2023-24998

Published: Feb 20, 2023

Modified: Nov 3, 2025

PUBLISHED

Description

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Affected products

Vendor: Apache Software Foundation
Product: Apache Commons FileUpload
Versions:
    affected: 0 - < 1.5

Vendor: Apache Software Foundation
Product: Apache Tomcat
Versions:
    affected: 11.0.0-M1
    affected: 10.0.0-M1 - <= 10.1.4
    affected: 9.0.0-M1 - <= 9.0.70
    affected: 8.5.0 - <= 8.5.84

Weaknesses (CWE)
