CVE-2023-42795

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Oct 10, 2023
Updated: Nov 4, 2023
CWE ID 459

Summary

CVE-2023-42795 is an Incomplete Cleanup vulnerability in Apache Tomcat. It affects versions 11.0.0-M1 through 11.0.0-M11, 10.1.0-M1 through 10.1.13, 9.0.0-M1 through 9.0.80, and 8.5.0 through 8.5. 93 of Apache Tomcat software products. This vulnerability could allow for information leakage from the current request/response to the next if an error occurs during the recycling process of internal objects in Tomcat. To remediate this vulnerability, users are advised to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0 81 onwards, or 8. 5. 94 onwards, as these versions contain the necessary fixes for this issue. The potential danger this vulnerability poses to an organization is relatively low, with a base severity rating of MEDIUM and a base score of 5. 3 out of a maximum of 10 according to CVSS:3. 1 rating system provided by nvd@nist.gov. The confidentiality impact is rated as LOW and no privileges are required for exploitation. The attack vector is through the NETWORK and there is no user interaction required for exploitation. Overall, while organizations should take appropriate measures to upgrade their Apache Tomcat software to mitigate this vulnerability, the risk posed by it is not considered critical or severe.

Note: The report has been constructed based on the provided information without additional external sources; therefore it may not be exhaustive or reflect any recent developments regarding CVE-2023-42795

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-42795 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options