Dear CBA customers and partners,
We have been made aware of the vulnerability (CVE-2023-24998) referred to as Apache Tomcat denial of service vulnerability. This affects Apache Tomcat versions 8.5.0 to 8.5.84.
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
We will be upgrading Apache Tomcat to a newer version.
We will continue to monitor the progression of the situation, including but not limited to any secondary vulnerabilities that appear to be related to Apache Tomcat DoS, and will provide further updates should the situation change.
If you require further information, please contact us at email@example.com.
Communication Business Avenue, Inc