5.3

CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could 
cause Tomcat to skip some parts of the recycling process leading to 
information leaking from the current request/response to the next.
Older, EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Data is provided by the National Vulnerability Database (NVD)
ApacheTomcat Version >= 8.5.0 < 8.5.94
ApacheTomcat Version >= 9.0.1 < 9.0.81
ApacheTomcat Version >= 10.1.1 < 10.1.14
ApacheTomcat Version9.0.0 Updatemilestone1
ApacheTomcat Version9.0.0 Updatemilestone10
ApacheTomcat Version9.0.0 Updatemilestone11
ApacheTomcat Version9.0.0 Updatemilestone12
ApacheTomcat Version9.0.0 Updatemilestone13
ApacheTomcat Version9.0.0 Updatemilestone14
ApacheTomcat Version9.0.0 Updatemilestone15
ApacheTomcat Version9.0.0 Updatemilestone16
ApacheTomcat Version9.0.0 Updatemilestone17
ApacheTomcat Version9.0.0 Updatemilestone18
ApacheTomcat Version9.0.0 Updatemilestone19
ApacheTomcat Version9.0.0 Updatemilestone2
ApacheTomcat Version9.0.0 Updatemilestone20
ApacheTomcat Version9.0.0 Updatemilestone21
ApacheTomcat Version9.0.0 Updatemilestone22
ApacheTomcat Version9.0.0 Updatemilestone23
ApacheTomcat Version9.0.0 Updatemilestone24
ApacheTomcat Version9.0.0 Updatemilestone25
ApacheTomcat Version9.0.0 Updatemilestone26
ApacheTomcat Version9.0.0 Updatemilestone27
ApacheTomcat Version9.0.0 Updatemilestone3
ApacheTomcat Version9.0.0 Updatemilestone4
ApacheTomcat Version9.0.0 Updatemilestone5
ApacheTomcat Version9.0.0 Updatemilestone6
ApacheTomcat Version9.0.0 Updatemilestone7
ApacheTomcat Version9.0.0 Updatemilestone8
ApacheTomcat Version9.0.0 Updatemilestone9
ApacheTomcat Version10.1.0 Updatemilestone1
ApacheTomcat Version10.1.0 Updatemilestone10
ApacheTomcat Version10.1.0 Updatemilestone11
ApacheTomcat Version10.1.0 Updatemilestone12
ApacheTomcat Version10.1.0 Updatemilestone13
ApacheTomcat Version10.1.0 Updatemilestone14
ApacheTomcat Version10.1.0 Updatemilestone15
ApacheTomcat Version10.1.0 Updatemilestone16
ApacheTomcat Version10.1.0 Updatemilestone17
ApacheTomcat Version10.1.0 Updatemilestone18
ApacheTomcat Version10.1.0 Updatemilestone19
ApacheTomcat Version10.1.0 Updatemilestone2
ApacheTomcat Version10.1.0 Updatemilestone20
ApacheTomcat Version10.1.0 Updatemilestone3
ApacheTomcat Version10.1.0 Updatemilestone4
ApacheTomcat Version10.1.0 Updatemilestone5
ApacheTomcat Version10.1.0 Updatemilestone6
ApacheTomcat Version10.1.0 Updatemilestone7
ApacheTomcat Version10.1.0 Updatemilestone8
ApacheTomcat Version10.1.0 Updatemilestone9
ApacheTomcat Version11.0.0 Updatemilestone1
ApacheTomcat Version11.0.0 Updatemilestone10
ApacheTomcat Version11.0.0 Updatemilestone11
ApacheTomcat Version11.0.0 Updatemilestone2
ApacheTomcat Version11.0.0 Updatemilestone3
ApacheTomcat Version11.0.0 Updatemilestone4
ApacheTomcat Version11.0.0 Updatemilestone5
ApacheTomcat Version11.0.0 Updatemilestone6
ApacheTomcat Version11.0.0 Updatemilestone7
ApacheTomcat Version11.0.0 Updatemilestone8
ApacheTomcat Version11.0.0 Updatemilestone9
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
DebianDebian Linux Version12.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.69% 0.71
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.