PT-2023-6028 · Apache · Apache Tomcat

Mohammad Khedmatgozar · Published 2023-10-10 · Updated 2024-06-15 · CVE-2023-42794

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 8.5.85 through 8.5.93
Apache Tomcat versions 9.0.70 through 9.0.80

Description
The internal fork of Commons FileUpload packaged with Apache Tomcat included an unreleased, in-progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk, creating the possibility of an eventual denial of service due to the disk being full.

Recommendations
For Apache Tomcat versions 8.5.85 through 8.5.93, upgrade to version 8.5.94 onwards.
For Apache Tomcat versions 9.0.70 through 9.0.80, upgrade to version 9.0.81 onwards.
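Added example (not code from the advisory or from the Tomcat project) showing the application-side mistake the description refers to beside its corrected form, for a hypothetical Servlet 3.x multipart handler running on the affected Tomcat 8.5/9.0 line; the servlet name, the "file" part name and the upload directory are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;

@MultipartConfig(fileSizeThreshold = 1024, maxFileSize = 10 * 1024 * 1024)
public class UploadServlet extends HttpServlet {

    // Hypothetical destination directory; not taken from the advisory.
    private static final Path STORE = Paths.get("/var/app/uploads");

    // The pattern the advisory describes: the stream opened on the Part is never
    // closed. On Windows the open handle keeps Tomcat from deleting its temp file
    // when the request completes, so each upload leaves a file behind on disk.
    private void leakyCopy(Part part) throws IOException {
        InputStream in = part.getInputStream(); // opens the temp file on disk
        Files.copy(in, STORE.resolve("leaky.bin"), StandardCopyOption.REPLACE_EXISTING);
        // no in.close(): the handle outlives the request
    }

    // Corrected form: try-with-resources guarantees the handle is released, and
    // Part.delete() removes the temp file explicitly instead of relying on
    // container cleanup, so nothing accumulates even on the affected versions.
    private void safeCopy(Part part) throws IOException {
        try (InputStream in = part.getInputStream()) {
            Files.copy(in, STORE.resolve("safe.bin"), StandardCopyOption.REPLACE_EXISTING);
        } finally {
            part.delete();
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Part part = req.getPart("file");
        if (part == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing file part");
            return;
        }
        safeCopy(part);
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

Upgrading to 8.5.94 / 9.0.81 fixes the container side; closing the stream in application code is what stops temp files from piling up regardless of the Tomcat version.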

Exploit

Fix

DoS


Weakness Enumeration

Related identifiers

ALSA-2024:0125
ALSA-2024:0474
BDU:2023-06729
BIT-TOMCAT-2023-42794
CESA-2024_0125
CVE-2023-42794
GHSA-JM7M-8JH6-29HP
OPENSUSE-SU-2024:13382-1
OPENSUSE-SU-2024_0472-1
RHSA-2024:0125
RHSA-2024:0474
RHSA-2024_0125
RHSA-2024_0474
ROSA-SA-2024-2418
SUSE-SU-2024:0472-1
SUSE-SU-2024_0472-1

Affected products

Almalinux
Apache Tomcat
Bamboo
Centos
Confluence
Red Hat
Red Os
Suse