| Issue: |
|
|---|---|
| Date: |
|
| Severity: | Low |
| Requires Admin Access: | No |
| Fix Version: | 22.10+, LTS 21.06.12+, LTS 22.03.4+ |
| Credit: | Fortinet / Thanh Nguyen Nguyen |
| Description: |
It is possible to call the TempFileResource multiple times, each time requesting the dotCMS server to download a large file. If done enough repeatedly, this will result in the Tomcat Request Thread pool to be exhausted and ultimately a denial of any other requests. This vulnerability was introduced in dotCMS version 5.2.0. Users of versions before that are not affected by this vulnerability report. |
| Mitigation: |
|
| References |
|