History: Oct 10, 2023 - 6:15 p.m.

CVE-2023-42795

2023-10-10 18:15:18
CWE-459
web.nvd.nist.gov
cve-2023-42795
apache tomcat
vulnerability
information leakage
upgrade
nvd

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 5.9
Confidence: High

EPSS: 0.01
Percentile: 83.5%

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.

Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Affected configurations

Node (entries combined with OR)

Vendor                      Product        Range
apache_software_foundation  apache_struts  11.0.0-M11
apache_software_foundation  apache_struts  10.1.13
apache_software_foundation  apache_struts  9.0.80
apache_software_foundation  apache_struts  8.5.93

Vendor  Product  Version  CPE
apache  tomcat   10.1.0   cpe:/a:apache:tomcat:10.1.0:milestone19::
apache  tomcat   11.0.0   cpe:/a:apache:tomcat:11.0.0:milestone7::
apache  tomcat   10.1.0   cpe:/a:apache:tomcat:10.1.0:milestone8::
apache  tomcat   10.1.0   cpe:/a:apache:tomcat:10.1.0:milestone12::
apache  tomcat   11.0.0   cpe:/a:apache:tomcat:11.0.0:milestone6::
apache  tomcat   9.0.0    cpe:/a:apache:tomcat:9.0.0:milestone15::
apache  tomcat   9.0.0    cpe:/a:apache:tomcat:9.0.0:milestone20::
apache  tomcat   9.0.0    cpe:/a:apache:tomcat:9.0.0:milestone23::
apache  tomcat   10.1.0   cpe:/a:apache:tomcat:10.1.0:milestone17::
apache  tomcat   9.0.0    cpe:/a:apache:tomcat:9.0.0:milestone27::

Rows 1-10 of 581

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.0-M11",
        "status": "affected",
        "version": "11.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.13",
        "status": "affected",
        "version": "10.1.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.80",
        "status": "affected",
        "version": "9.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.5.93",
        "status": "affected",
        "version": "8.5.0",
        "versionType": "semver"
      }
    ]
  }
]
