CVE-2023-42794

Published: 10/10/2023 Updated: 11/12/2023
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 up to and including 9.0.80 and 8.5.85 up to and including 8.5.93 included an unreleased, in-progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk, creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
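The application-side pattern the summary refers to, next to a hardened form, as an added example that is not code from Apache Tomcat or from this advisory. The servlet name, URL pattern, form field `file` and size limits are assumptions; it uses the `javax.servlet` API that Tomcat 8.5 and 9.0 provide, and it complements the upgrade rather than replacing it.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Hypothetical servlet: names, URL pattern and limits are assumptions for illustration.
@WebServlet("/upload")
@MultipartConfig(maxFileSize = 10 * 1024 * 1024, maxRequestSize = 11 * 1024 * 1024)
public class UploadDigestServlet extends HttpServlet {
    // Pattern from the summary: a stream on the uploaded file is opened and never closed.
    static int firstByteLeaky(Part part) throws IOException {
        InputStream in = part.getInputStream();
        return in.read(); // 'in' stays open; on affected Windows installs the temp file remains
    }

    // Hardened form: try-with-resources closes the stream on every path, including exceptions.
    static String sha256Hex(Part part) throws IOException {
        MessageDigest md;
        try { md = MessageDigest.getInstance("SHA-256"); }
        catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
        try (InputStream in = part.getInputStream()) {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) md.update(buf, 0, n);
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest()) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Part part = req.getPart("file");
        if (part == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing file part");
            return;
        }
        try {
            resp.setContentType("text/plain");
            resp.getWriter().println(sha256Hex(part));
        } finally {
            part.delete(); // release the part's temporary storage once processing is done
        }
    }
}
```

Reviewing a code base for `getInputStream()` calls on uploaded parts that sit outside a try-with-resources block identifies applications that can trigger the condition on the affected versions.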

Vulnerable Product

apache tomcat

Vendor Advisories

Synopsis Critical: Red Hat Fuse 7121 release and security update. Type/Severity Security Advisory: Critical. Topic: A minor version update (from 712 to 7121) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...

Synopsis Moderate: Red Hat JBoss Web Server 577 release and security update. Type/Severity Security Advisory: Moderate. Topic: Red Hat JBoss Web Server 577 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as h ...