PT-2023-6027 · Apache+9 · Apache Tomcat+9

Mark Thomas

·

Publicado

2023-10-10

·

Atualizado

2026-03-26

·

CVE-2023-42795

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.0-M11 Apache Tomcat versions 10.1.0-M1 through 10.1.13 Apache Tomcat versions 9.0.0-M1 through 9.0.80 Apache Tomcat versions 8.5.0 through 8.5.93
Description The issue is related to an Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.
Recommendations Upgrade to version 11.0.0-M12 onwards Upgrade to version 10.1.14 onwards Upgrade to version 9.0.81 onwards Upgrade to version 8.5.94 onwards

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-459

Identificadores relacionados

ALSA-2024:0125
ALSA-2024:0474
ALT-PU-2023-8058
ALT-PU-2024-4687
ALT-PU-2024-4975
ALT-PU-2025-2379
ALT-PU-2025-9146
BDU:2023-06728
BIT-TOMCAT-2023-42795
CESA-2024_0125
CVE-2023-42795
DLA-3617-1
DSA-5521-1
DSA-5522-1
GHSA-G8PJ-R55Q-5C2V
MGASA-2023-0319
OESA-2024-1100
OPENSUSE-SU-2024:13382-1
OPENSUSE-SU-2024_0472-1
RHSA-2023:6206
RHSA-2024:0125
RHSA-2024:0474
RHSA-2024_0125
RHSA-2024_0474
ROSA-SA-2024-2418
SUSE-SU-2023:4337-1
SUSE-SU-2023:4423-1
SUSE-SU-2023_4337-1
SUSE-SU-2024:0472-1
SUSE-SU-2026:1058-1
USN-7106-1
USN-7562-1

Produtos afetados

Alt Linux
Almalinux
Apache Tomcat
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Suse
Ubuntu