Rapid7 Vulnerability & Exploit Database

Apache Tomcat: Low: Denial of Service (CVE-2023-42794)

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Apache Tomcat: Low: Denial of Service (CVE-2023-42794)

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

10/11/2023

Created

10/11/2023

Added

10/11/2023

Modified

10/18/2023

Description

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Solution(s)

apache-tomcat-upgrade-8_5_94
apache-tomcat-upgrade-9_0_81

References

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Apache Tomcat: Low: Denial of Service (CVE-2023-42794)

Apache Tomcat: Low: Denial of Service (CVE-2023-42794)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.