F5-K000135262
First published: Wed Jun 28 2023(Updated: )
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP and BIG-IQ Centralized Management | >=17.0.0<=17.1.0 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=16.1.0<=16.1.3 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=15.1.0<=15.1.9 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=14.1.0<=14.1.5 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=13.1.0<=13.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of F5-K000135262?
The vulnerability F5-K000135262 has been classified as high severity due to its potential to compromise system integrity.
How do I fix F5-K000135262?
To fix F5-K000135262, ensure that you upgrade Apache Tomcat to versions not affected by CVE-2023-24998, specifically beyond the affected versions.
Which products are affected by F5-K000135262?
F5-K000135262 affects multiple versions of F5 BIG-IP ranging from version 13.1.0 to the latest release of 17.1.0.
What is the impact of F5-K000135262?
The impact of F5-K000135262 could allow an attacker to execute unauthorized commands or affect service availability.
Is there a workaround for F5-K000135262?
A potential workaround for F5-K000135262 is to review and modify the non-default HTTP connector settings to mitigate the risk until a proper patch is applied.
- agent/references
- agent/last-modified-date
- agent/severity
- agent/source
- agent/description
- agent/type
- agent/first-publish-date
- agent/tags
- agent/softwarecombine
- agent/event
- collector/f5-advisory
- source/F5
- alias/CVE-2023-28709
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 big-ip and big-iq centralized management
- version/f5 big-ip and big-iq centralized management/17.0.0
- version/f5 big-ip and big-iq centralized management/17.1.0
- version/f5 big-ip and big-iq centralized management/16.1.0
- version/f5 big-ip and big-iq centralized management/16.1.3
- version/f5 big-ip and big-iq centralized management/15.1.0
- version/f5 big-ip and big-iq centralized management/15.1.9
- version/f5 big-ip and big-iq centralized management/14.1.0
- version/f5 big-ip and big-iq centralized management/14.1.5
- version/f5 big-ip and big-iq centralized management/13.1.0
- version/f5 big-ip and big-iq centralized management/13.1.5