PT-2023-13520 · Dotcms+1 · Dotcms+1

Published

2023-02-01

Updated

2025-03-27

CVE-2022-37034

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions dotCMS versions 5.x through 22.06

Description The issue allows an attacker to call the TempResource multiple times, requesting the dotCMS server to download a large file each time. If done repeatedly, this will result in Tomcat request-thread exhaustion, ultimately leading to a denial of any other requests.

Recommendations For dotCMS versions 5.x through 22.06, consider restricting access to the TempResource to minimize the risk of exploitation, as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

CVE-2022-37034

Affected Products

Apache Tomcat

Dotcms

PT-2023-13520 · Dotcms+1 · Dotcms+1

CVE-2022-37034

Weakness Enumeration

Related Identifiers

Affected Products

References · 7