CVE-2023-42794

CWE-45910 documents9 sources

Severity

5.9MEDIUM

EPSS

0.4%

top 42.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat Apache Software Foundation Apache Tomcat

Timeline

PublishedOct 10

Latest updateJan 15

Description

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Other, EOL …

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDapache/tomcat8.5.85 — 8.5.94+1

▶Mavenorg.apache.tomcat:tomcat-coyote9.0.70 — 9.0.81+1

▶CVEListV5apache_software_foundation/apache_tomcat9.0.70 — 9.0.80+1

🔴Vulnerability Details

CVEList

Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows↗2023-10-10

▶

OSV

CVE-2023-42794: Incomplete Cleanup vulnerability in Apache Tomcat↗2023-10-10

▶

GHSA

Apache Tomcat Incomplete Cleanup vulnerability↗2023-10-10

▶

OSV

Apache Tomcat Incomplete Cleanup vulnerability↗2023-10-10

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Applications Risk Matrix: Core (Apache Tomcat) — CVE-2023-42794↗2024-01-15

▶

Atlassian

CVE-2023-42794: DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Confluence Data Center and Server↗2023-11-21

▶

Red Hat

tomcat: FileUpload: DoS due to accumulation of temporary files on Windows↗2023-10-10

▶

Debian

CVE-2023-42794: tomcat10 - Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons...↗2023

▶

Apache

Apache tomcat: CVE-2023-42794↗

▶