Denial of Service Vulnerability in DotCMS by DotCMS
CVE-2022-37034

5.3 MEDIUM

Key Information:

Vendor: Dotcms

Status
Vendor
CVE Published: 1 February 2023

What is CVE-2022-37034?

DotCMS versions 5.x through 22.06 allow the TempResource to be called multiple times, which can lead to excessive requests for large file downloads. As the server processes these repeated requests, Tomcat's request threads are exhausted, leaving it unable to handle additional requests efficiently. The result is service disruption for legitimate users and reduced overall server availability and functionality.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
