Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-42794

UNKNOWN
Published 2023-10-10T17:17:01.378Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-42794. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Incomplete Cleanup vulnerability in Apache Tomcat.

The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased,
in progress refactoring that exposed a potential denial of service on
Windows if a web application opened a stream for an uploaded file but
failed to close the stream. The file would never be deleted from disk
creating the possibility of an eventual denial of service due to the
disk being full.

Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Tomcat

Affected Versions:

9.0.70 8.5.85

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Apache Tomcat Incomplete Cleanup vulnerability

GHSA-jm7m-8jh6-29hp

Advisory Details

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Affected Packages

Maven org.apache.tomcat:tomcat-coyote
ECOSYSTEM: ≥9.0.70 <9.0.81
Maven org.apache.tomcat:tomcat-coyote
ECOSYSTEM: ≥8.5.85 <8.5.94

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-42794
PACKAGE https://github.com/apache/tomcat
WEB https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
WEB http://www.openwall.com/lists/oss-security/2023/10/10/8

Advisory provided by GitHub Security Advisory Database. Published: October 10, 2023, Modified: February 13, 2025

References

https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
http://www.openwall.com/lists/oss-security/2023/10/10/8
Published: 2023-10-10T17:17:01.378Z
Last Modified: 2025-02-13T17:09:43.707Z
Copied to clipboard!