{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42794", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-09-14T12:05:53.583Z", "datePublished": "2023-10-10T17:17:01.378Z", "dateUpdated": "2024-08-02T19:30:24.246Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "9.0.80", "status": "affected", "version": "9.0.70", "versionType": "semver"}, {"lessThanOrEqual": "8.5.93", "status": "affected", "version": "8.5.85", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mohammad Khedmatgozar (cellbox)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incomplete Cleanup vulnerability in Apache Tomcat.<br><br>The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n<br><p><span style=\"background-color: var(--wht);\">Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.</span><br></p>"}], "value": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\n\n"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-459", "description": "CWE-459 Incomplete Cleanup", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-10-10T17:17:01.378Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:24.246Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EFFF75C-6B29-4D93-A8EC-BC8360D0048E", "versionEndExcluding": "8.5.94", "versionStartIncluding": "8.5.85", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "F819B992-BA2C-4A30-A8A1-C57806AB1C31", "versionEndExcluding": "9.0.81", "versionStartIncluding": "9.0.70", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de limpieza incompleta en Apache Tomcat. El fork interno de Commons FileUpload empaquetado con Apache Tomcat 9.0.70 a 9.0.80 y 8.5.85 a 8.5.93 inclu\u00eda una refactorizaci\u00f3n en curso que expuso una posible denegaci\u00f3n de servicio en Windows si una aplicaci\u00f3n web abr\u00eda una secuencia para un archivo cargado pero no lograba cerrar la secuencia. El archivo nunca se eliminar\u00eda del disco, creando la posibilidad de una eventual denegaci\u00f3n de servicio debido a que el disco est\u00e9 lleno. Se recomienda a los usuarios actualizar a la versi\u00f3n 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema."}], "id": "CVE-2023-42794", "lastModified": "2023-12-11T18:23:56.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-10T18:15:18.863", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "security@apache.org", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0125", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "tomcat-1:9.0.62-27.el8_9.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-10T00:00:00Z"}, {"advisory": "RHSA-2024:0474", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tomcat-1:9.0.62-37.el9_3.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:7247", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "tomcat", "product_name": "Red Hat Fuse 7.12.1", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:7623", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7", "product_name": "Red Hat JBoss Web Server 5", "release_date": "2023-12-07T00:00:00Z"}], "bugzilla": {"description": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows", "id": "2243751", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-459", "details": ["Incomplete Cleanup vulnerability in Apache Tomcat.\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.", "A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available for this flaw."}, "name": "CVE-2023-42794", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat build of Apache Camel for Spring Boot"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Affected", "package_name": "tomcat", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pki-deps:10.6/pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pki-servlet-container", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "tomcat", "product_name": "Red Hat JBoss A-MQ 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Web Server 5"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "tomcat", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Not affected", "package_name": "devspaces/server-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "streams for Apache Kafka"}], "public_date": "2023-10-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-42794\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-42794\nhttp://www.openwall.com/lists/oss-security/2023/10/10/8\nhttps://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"], "statement": "Red Hat rates this flaw as a Moderate impact as this would depend on how much information an attacker has over the environment (version and disk for example, increasing the Attack Complexity) as there is no guarantee the attack is successful. \nThis may affect only scenarios where running an application on Windows.", "threat_severity": "Moderate", "upstream_fix": "tomcat 9.0.81, tomcat 8.5.94"}