Description

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Remediation

References

CVE-2023-42795

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5541)

Django Resource Management Errors Vulnerability (CVE-2014-0474)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-39193)

WordPress Plugin Mobile browser color select Cross-Site Request Forgery (1.0.1)

WordPress Plugin GiveWP-Donation and Fundraising Platform Security Bypass (2.5.4)

Severity

Medium

Classification

CVE-2023-42795 CWE-459 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities