CVE-2023-42795

Summary

CVE-2023-42795 is an Incomplete Cleanup vulnerability in Apache Tomcat. It affects versions 11.0.0-M1 through 11.0.0-M11, 10.1.0-M1 through 10.1.13, 9.0.0-M1 through 9.0.80, and 8.5.0 through 8.5. 93 of Apache Tomcat software products. This vulnerability could allow for information leakage from the current request/response to the next if an error occurs during the recycling process of internal objects in Tomcat. To remediate this vulnerability, users are advised to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0 81 onwards, or 8. 5. 94 onwards, as these versions contain the necessary fixes for this issue. The potential danger this vulnerability poses to an organization is relatively low, with a base severity rating of MEDIUM and a base score of 5. 3 out of a maximum of 10 according to CVSS:3. 1 rating system provided by [email protected]. The confidentiality impact is rated as LOW and no privileges are required for exploitation. The attack vector is through the NETWORK and there is no user interaction required for exploitation. Overall, while organizations should take appropriate measures to upgrade their Apache Tomcat software to mitigate this vulnerability, the risk posed by it is not considered critical or severe. Note: The report has been constructed based on the provided information without additional external sources; therefore it may not be exhaustive or reflect any recent developments regarding CVE-2023-42795

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.