Re: CVE-2023-28709 incomplete fix

2023-07-13 Thread Mark Thomas
"Affects: 9.0.71 to 9.0.73" What isn't clear about the affected versions from that information? Mark -Original Message- From: Mark Thomas Sent: Wednesday, July 12, 2023 10:25 PM To: Tomcat Users List Subject: Re: CVE-2023-28709 incomplete fix 12 Jul 2023 13:23:32 Prodan, Andr

RE: CVE-2023-28709 incomplete fix

2023-07-12 Thread Prodan, Andreea Adriana
Whether that is something which happened in the versions < 9.0.74 and now in the versions >= 9.0.74 is not the case anymore. -Original Message- From: Mark Thomas Sent: Wednesday, July 12, 2023 10:25 PM To: Tomcat Users List Subject: Re: CVE-2023-28709 incomplete fix 12 Jul 2

Re: CVE-2023-28709 incomplete fix

2023-07-12 Thread Mark Thomas
12 Jul 2023 13:23:32 Prodan, Andreea Adriana : Hello, In regard to CVE-2023-28709 we would like to know if the vulnerability caused by the incomplete fix, "If non-default HTTP connector settings were used such that the maxPa

CVE-2023-28709 incomplete fix

2023-07-12 Thread Prodan, Andreea Adriana
Hello, In regard to CVE-2023-28709 we would like to know if the vulnerability caused by the incomplete fix, "If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string param