Home > Vulnerability Database > CVE-2023-42794

Mend.io Vulnerability Database

CVE-2023-42794

Good to know:

Date: October 10, 2023

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Language: Java

Severity Score

5.9

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-42794

Url: http://www.openwall.com/lists/oss-security/2023/10/10/8

Url: https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82

Url: https://www.mend.io/vulnerability-database/CVE-2023-42794

Severity Score

5.9

Weakness Type (CWE)

Incomplete Cleanup

CWE-459

Top Fix

Upgrade Version

Upgrade to version org.apache.tomcat.embed:tomcat-embed-core - 9.0.81,8.5.94;org.apache.tomcat:tomcat-coyote - 10.0.0-M1,8.5.94

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-42794

Good to know:

Date: October 10, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?