Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2023-42795

UNKNOWN
Published 2023-10-10T17:42:16.705Z
Actions:
No CVSS data available

Description

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could
cause Tomcat to skip some parts of the recycling process leading to
information leaking from the current request/response to the next.

Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Available Exploits

No exploits available for this CVE.

Related News

F5 Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in F5 Products, attacker can exploit this vulnerability to trigger sensitive information disclosure and denial of service condition on the targeted system. Note: No patch is currently available for CVE-2023-42795…

Hkcert.org 2025-04-16 02:52
Read More

Affected Products

Apache Software Foundation

Apache Tomcat

Affected Versions:

11.0.0-M1 10.1.0-M1 9.0.0-M1 8.5.0
apache

accumulo

Affected Versions:

11.0.0-m1 10.10-m1 9.0.0-m1 8.5.0

References

https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
http://www.openwall.com/lists/oss-security/2023/10/10/9
https://www.debian.org/security/2023/dsa-5522
https://www.debian.org/security/2023/dsa-5521
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
https://security.netapp.com/advisory/ntap-20231103-0007/
Published: 2023-10-10T17:42:16.705Z
Last Modified: 2025-02-13T17:09:44.254Z
Copied to clipboard!