PT-2023-6027 · Apache+9 · Apache Tomcat+9

Mark Thomas

·

Published

2023-10-10

·

Updated

2026-03-26

·

CVE-2023-42795

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.0-M11 Apache Tomcat versions 10.1.0-M1 through 10.1.13 Apache Tomcat versions 9.0.0-M1 through 9.0.80 Apache Tomcat versions 8.5.0 through 8.5.93
Description The issue is related to an Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.
Recommendations Upgrade to version 11.0.0-M12 onwards Upgrade to version 10.1.14 onwards Upgrade to version 9.0.81 onwards Upgrade to version 8.5.94 onwards

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-459

Related Identifiers

ALSA-2024:0125
ALSA-2024:0474
ALT-PU-2023-8058
ALT-PU-2024-4687
ALT-PU-2024-4975
ALT-PU-2025-2379
ALT-PU-2025-9146
BDU:2023-06728
BIT-TOMCAT-2023-42795
CESA-2024_0125
CVE-2023-42795
DLA-3617-1
DSA-5521-1
DSA-5522-1
GHSA-G8PJ-R55Q-5C2V
MGASA-2023-0319
OESA-2024-1100
OPENSUSE-SU-2024:13382-1
OPENSUSE-SU-2024_0472-1
RHSA-2023:6206
RHSA-2024:0125
RHSA-2024:0474
RHSA-2024_0125
RHSA-2024_0474
ROSA-SA-2024-2418
SUSE-SU-2023:4337-1
SUSE-SU-2023:4423-1
SUSE-SU-2023_4337-1
SUSE-SU-2024:0472-1
SUSE-SU-2026:1058-1
USN-7106-1
USN-7562-1

Affected Products

Alt Linux
Almalinux
Apache Tomcat
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Suse
Ubuntu