IronMonkey Threat Research

CVE-2023-42795 MEDIUM

Published: 2023-10-10 | Last Modified: 2025-08-07 | Status: Modified

Description

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Additional Descriptions (1)

(translated from Spanish) Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, which would lead to information from the current request/response leaking into the next one. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
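
The first thing an operator needs from this advisory is a reliable "am I affected?" answer, which is harder than it looks because Tomcat's milestone builds (11.0.0-M11) sort before the GA release with the same number. The checker below is an added example, not part of the advisory or of Tomcat; the affected and fixed ranges are the ones stated in the description above, while the handling of the "-Mn" suffix, the tolerated "Apache Tomcat/" prefix and the decision to report uncovered EOL branches (7.0, 8.0) as unknown rather than safe are this example's own assumptions.

```python
"""Added example (not part of the advisory or of Tomcat): classify a Tomcat
version string against the affected/fixed ranges CVE-2023-42795 names.

Assumptions of this example: a "-Mn" milestone (e.g. 11.0.0-M11) sorts before
the GA release of the same number; an optional "Apache Tomcat/" prefix as seen
in the Server header is tolerated; branches the advisory gives no ranges for
(EOL 7.0/8.0) are reported as unknown (None), not as safe.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, Optional[int]]  # major, minor, patch, milestone

# Earliest affected and first fixed release per branch, from the advisory text.
FIRST_AFFECTED = {
    (8, 5): (8, 5, 0, None),
    (9, 0): (9, 0, 0, 1),      # 9.0.0-M1
    (10, 1): (10, 1, 0, 1),    # 10.1.0-M1
    (11, 0): (11, 0, 0, 1),    # 11.0.0-M1
}
FIRST_FIXED = {
    (8, 5): (8, 5, 94, None),
    (9, 0): (9, 0, 81, None),
    (10, 1): (10, 1, 14, None),
    (11, 0): (11, 0, 0, 12),   # 11.0.0-M12
}

_VERSION_RE = re.compile(r"^(?:Apache Tomcat/)?(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse '9.0.80', '11.0.0-M11' or 'Apache Tomcat/10.1.13'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Tomcat version string: {text!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            (int(milestone) if milestone else None))


def sort_key(v: Version):
    """Total order in which milestones precede the GA build they lead to:
    11.0.0-M1 < 11.0.0-M12 < 11.0.0 < 11.0.1."""
    major, minor, patch, milestone = v
    if milestone is None:
        return (major, minor, patch, 1, 0)      # GA ranks above any milestone
    return (major, minor, patch, 0, milestone)


def is_affected(text: str) -> Optional[bool]:
    """True = inside an affected range, False = at or past the fix,
    None = branch not covered by the advisory's ranges (treat as unknown)."""
    v = parse_version(text)
    branch = (v[0], v[1])
    if branch not in FIRST_FIXED:
        return None
    return sort_key(FIRST_AFFECTED[branch]) <= sort_key(v) < sort_key(FIRST_FIXED[branch])


if __name__ == "__main__":
    for s in ["9.0.80", "9.0.81", "11.0.0-M11", "11.0.0-M12",
              "Apache Tomcat/10.1.13", "8.5.94", "7.0.109"]:
        print(f"{s:24} affected={is_affected(s)}")
```

Feed it the value from the Server response header or from `version.sh`; a `None` result means the branch is EOL and outside the advisory's stated ranges, which the advisory explicitly says does not imply it is safe.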

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 1.4

Weaknesses

Source             Type       Description
[email protected]  Secondary  CWE-459 (Incomplete Cleanup)
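
CWE-459 is the bug class rather than a Tomcat-specific detail, so it is worth seeing the shape of it. The following is an added toy illustration, not Tomcat's code; PooledRequest, FaultyResource and the method names are invented for the example. It reproduces the failure mode the advisory describes: an error partway through a recycle routine leaves fields from the previous request in place, and the next request that takes the object from the pool can read them. The hardened variant makes the state reset unconditional and only re-raises once the object is clean.

```python
"""Added illustration of CWE-459 (Incomplete Cleanup) in a pooled request
object.  Toy code, not Tomcat's; all names here are invented for the example."""


class FaultyResource:
    """A request attribute whose cleanup hook fails (constructed input)."""
    def close(self):
        raise IOError("close failed")


class PooledRequest:
    def __init__(self):
        self.headers = {}
        self.attributes = {}
        self.body = b""
        self.user = None

    def recycle_unsafe(self):
        # Vulnerable pattern: each later step runs only if the earlier ones
        # succeed.  When a close() hook raises, body and user are never reset.
        self.headers.clear()
        for value in list(self.attributes.values()):
            if hasattr(value, "close"):
                value.close()
        self.attributes.clear()
        self.body = b""
        self.user = None

    def recycle_safe(self):
        # Hardened pattern: the state reset is unconditional (finally); hook
        # errors are collected and re-raised only once the object is clean.
        errors = []
        try:
            for value in list(self.attributes.values()):
                if hasattr(value, "close"):
                    try:
                        value.close()
                    except Exception as exc:
                        errors.append(exc)
        finally:
            self.headers = {}
            self.attributes = {}
            self.body = b""
            self.user = None
        if errors:
            raise RuntimeError(f"{len(errors)} cleanup hook(s) failed") from errors[0]


def serve_two_requests(recycle):
    """Simulate a one-object pool handling two requests in turn and return
    what the second request can observe of the first."""
    pool = [PooledRequest()]

    req = pool.pop()                        # request 1: authenticated user
    req.user = "alice"
    req.body = b"card=4111111111111111"     # constructed sample body
    req.attributes["upload"] = FaultyResource()
    try:
        recycle(req)
    except Exception:
        pass                                # container logs the error but still pools the object
    pool.append(req)

    nxt = pool.pop()                        # request 2: anonymous client
    return {"user": nxt.user, "body": nxt.body, "attributes": dict(nxt.attributes)}


if __name__ == "__main__":
    print("unsafe:", serve_two_requests(PooledRequest.recycle_unsafe))
    print("safe:  ", serve_two_requests(PooledRequest.recycle_safe))
```

The design point is that "reset" code must not share a control path with code that can fail: anything that may throw goes inside the try, every field assignment goes in the finally, and the error is surfaced after, not instead of, the reset.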

Affected Products

Vendor  Product       Version  Update                     Type
apache  tomcat        *        *                          Application
apache  tomcat        *        *                          Application
apache  tomcat        *        *                          Application
apache  tomcat        9.0.0    milestone1 to milestone27  Application
apache  tomcat        10.1.0   milestone1 to milestone20  Application
apache  tomcat        11.0.0   milestone1 to milestone11  Application
debian  debian_linux  10.0     *                          Operating System
debian  debian_linux  11.0     *                          Operating System
debian  debian_linux  12.0     *                          Operating System

The three wildcard (*) tomcat rows are version-range matches whose bounds are not shown on this page; the affected ranges are the ones given in the description above.

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
Yes cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
