CVE-2023-42794

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/10/10/8	Mailing List Third Party Advisory
https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::

History

11 Dec 2023, 18:23

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 5.9

16 Oct 2023, 14:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:apache:tomcat::::::::
References	~~(MISC) http://www.openwall.com/lists/oss-security/2023/10/10/8 -~~	(MISC) http://www.openwall.com/lists/oss-security/2023/10/10/8 - Mailing List, Third Party Advisory
References	~~(MISC) https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82 -~~	(MISC) https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82 - Mailing List, Vendor Advisory
First Time		Apache Apache tomcat
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

10 Oct 2023, 21:15

Type	Values Removed	Values Added
References		(MISC) http://www.openwall.com/lists/oss-security/2023/10/10/8 -

10 Oct 2023, 18:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-10 18:15

Updated : 2023-12-11 18:23

NVD link : CVE-2023-42794

Mitre link : CVE-2023-42794

CVE.ORG link : CVE-2023-42794

JSON object : View

Products Affected

apache

tomcat

CWE

CWE-459

Incomplete Cleanup

{"id": "CVE-2023-42794", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-10-10T18:15:18.863", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-459"}]}], "descriptions": [{"lang": "en", "value": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de limpieza incompleta en Apache Tomcat. El fork interno de Commons FileUpload empaquetado con Apache Tomcat 9.0.70 a 9.0.80 y 8.5.85 a 8.5.93 inclu\u00eda una refactorizaci\u00f3n en curso que expuso una posible denegaci\u00f3n de servicio en Windows si una aplicaci\u00f3n web abr\u00eda una secuencia para un archivo cargado pero no lograba cerrar la secuencia. El archivo nunca se eliminar\u00eda del disco, creando la posibilidad de una eventual denegaci\u00f3n de servicio debido a que el disco est\u00e9 lleno. Se recomienda a los usuarios actualizar a la versi\u00f3n 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema."}], "lastModified": "2023-12-11T18:23:56.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EFFF75C-6B29-4D93-A8EC-BC8360D0048E", "versionEndExcluding": "8.5.94", "versionStartIncluding": "8.5.85"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F819B992-BA2C-4A30-A8A1-C57806AB1C31", "versionEndExcluding": "9.0.81", "versionStartIncluding": "9.0.70"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}