Home > Vulnerability Database > CVE-2023-42795

Mend.io Vulnerability Database

CVE-2023-42795

Good to know:

Date: October 10, 2023

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Language: Java

Severity Score

5.3

Related Resources (15)

Url: https://security-tracker.debian.org/tracker/CVE-2023-42795

Url: http://www.openwall.com/lists/oss-security/2023/10/10/9

Url: https://security.netapp.com/advisory/ntap-20231103-0007/

Url: https://www.debian.org/security/2023/dsa-5522

Url: https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw

Url: https://www.debian.org/security/2023/dsa-5521

Url: https://github.com/apache/tomcat

Url: https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75

Url: https://security.netapp.com/advisory/ntap-20231103-0007

Url: https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html

Url: https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38

Url: https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-42795

Url: https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf

Url: https://www.mend.io/vulnerability-database/CVE-2023-42795

Severity Score

5.3

Weakness Type (CWE)

Incomplete Cleanup

CWE-459

Top Fix

Upgrade Version

Upgrade to version org.apache.tomcat.embed:tomcat-embed-core:8.5.94;org.apache.tomcat.embed:tomcat-embed-core:11.0.0-M12;org.apache.tomcat.embed:tomcat-embed-core:10.1.14;org.apache.tomcat.embed:tomcat-embed-core:9.0.81;org.apache.tomcat:tomcat-coyote:10.1.14;org.apache.tomcat:tomcat-coyote:11.0.0-M12;org.apache.tomcat:tomcat:9.0.81;org.apache.tomcat:tomcat:8.5.94

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-42795

Good to know:

Date: October 10, 2023

Language: Java

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?