CVE-2023-42794 (GCVE-0-2023-42794)

Vulnerability from cvelistv5 – Published: 2023-10-10 17:17 – Updated: 2025-10-29 12:04
VLAI?
Summary
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Other, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache Tomcat Affected: 9.0.70 , ≤ 9.0.80 (semver)
Affected: 8.5.85 , ≤ 8.5.93 (semver)
Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver)
Create a notification for this product.
Credits
Mohammad Khedmatgozar (cellbox)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "9.0.80",
              "status": "affected",
              "version": "9.0.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.93",
              "status": "affected",
              "version": "8.5.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "unknown",
              "version": "10.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mohammad Khedmatgozar (cellbox)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incomplete Cleanup vulnerability in Apache Tomcat.\u003cbr\u003e\u003cbr\u003eThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eOther, EOL versions may also be affected.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nOther, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-459",
              "description": "CWE-459 Incomplete Cleanup",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T12:04:10.367Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-42794",
    "datePublished": "2023-10-10T17:17:01.378Z",
    "dateReserved": "2023-09-14T12:05:53.583Z",
    "dateUpdated": "2025-10-29T12:04:10.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.85\", \"versionEndExcluding\": \"8.5.94\", \"matchCriteriaId\": \"7EFFF75C-6B29-4D93-A8EC-BC8360D0048E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.70\", \"versionEndExcluding\": \"9.0.81\", \"matchCriteriaId\": \"F819B992-BA2C-4A30-A8A1-C57806AB1C31\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Incomplete Cleanup vulnerability in Apache Tomcat.\\n\\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \\nin progress refactoring that exposed a potential denial of service on \\nWindows if a web application opened a stream for an uploaded file but \\nfailed to close the stream. The file would never be deleted from disk \\ncreating the possibility of an eventual denial of service due to the \\ndisk being full.\\n\\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de limpieza incompleta en Apache Tomcat. El fork interno de Commons FileUpload empaquetado con Apache Tomcat 9.0.70 a 9.0.80 y 8.5.85 a 8.5.93 inclu\\u00eda una refactorizaci\\u00f3n en curso que expuso una posible denegaci\\u00f3n de servicio en Windows si una aplicaci\\u00f3n web abr\\u00eda una secuencia para un archivo cargado pero no lograba cerrar la secuencia. El archivo nunca se eliminar\\u00eda del disco, creando la posibilidad de una eventual denegaci\\u00f3n de servicio debido a que el disco est\\u00e9 lleno. Se recomienda a los usuarios actualizar a la versi\\u00f3n 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema.\"}]",
      "id": "CVE-2023-42794",
      "lastModified": "2024-11-21T08:23:10.077",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}]}",
      "published": "2023-10-10T18:15:18.863",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/8\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-459\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-42794\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-10-10T18:15:18.863\",\"lastModified\":\"2025-10-29T12:15:33.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incomplete Cleanup vulnerability in Apache Tomcat.\\n\\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \\nin progress refactoring that exposed a potential denial of service on \\nWindows if a web application opened a stream for an uploaded file but \\nfailed to close the stream. The file would never be deleted from disk \\ncreating the possibility of an eventual denial of service due to the \\ndisk being full.\\n\\nOther, EOL versions may also be affected.\\n\\n\\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de limpieza incompleta en Apache Tomcat. El fork interno de Commons FileUpload empaquetado con Apache Tomcat 9.0.70 a 9.0.80 y 8.5.85 a 8.5.93 inclu\u00eda una refactorizaci\u00f3n en curso que expuso una posible denegaci\u00f3n de servicio en Windows si una aplicaci\u00f3n web abr\u00eda una secuencia para un archivo cargado pero no lograba cerrar la secuencia. El archivo nunca se eliminar\u00eda del disco, creando la posibilidad de una eventual denegaci\u00f3n de servicio debido a que el disco est\u00e9 lleno. Se recomienda a los usuarios actualizar a la versi\u00f3n 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.85\",\"versionEndExcluding\":\"8.5.94\",\"matchCriteriaId\":\"7EFFF75C-6B29-4D93-A8EC-BC8360D0048E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.70\",\"versionEndExcluding\":\"9.0.81\",\"matchCriteriaId\":\"F819B992-BA2C-4A30-A8A1-C57806AB1C31\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.