CVE-2023-42794

10.10.2023, 18:15

Incomplete Cleanup vulnerability in Apache Tomcat.

The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased,
in progress refactoring that exposed a potential denial of service on
Windows if a web application opened a stream for an uploaded file but
failed to close the stream. The file would never be deleted from disk
creating the possibility of an eventual denial of service due to the
disk being full.

Other, EOL versions may also be affected.

Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 55%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	8.5.85 ≤ 𝑥 < 8.5.94
apache	tomcat	9.0.70 ≤ 𝑥 < 9.0.81

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat10

bookworm	10.1.6-1+deb12u2 fixed
bookworm (security)	10.1.6-1+deb12u2 fixed
sid	10.1.34-1 fixed
trixie	10.1.34-1 fixed

tomcat9

bookworm	9.0.70-2 fixed
bullseye	9.0.43-2~deb11u10 fixed
bullseye (security)	9.0.43-2~deb11u10 fixed
sid	9.0.95-1 fixed
trixie	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat10

bionic	ignored
focal	dne
jammy	dne
lunar	ignored
mantic	ignored
noble	needs-triage
oracular	needs-triage
trusty	ignored
xenial	ignored

tomcat8

bionic	needs-triage
focal	dne
jammy	dne
lunar	dne
mantic	dne
noble	dne
oracular	dne
trusty	ignored
xenial	needs-triage

tomcat9

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
lunar	ignored
mantic	ignored
noble	needs-triage
oracular	needs-triage
trusty	ignored
xenial	ignored

openSUSE / SLES Releases

openSUSE Product

Release

tomcat

suse enterprise sap 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP7	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP7	9.0.85-150200.57.1 fixed

tomcat-admin-webapps

suse enterprise sap 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP7	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP7	9.0.85-150200.57.1 fixed

tomcat-el-3_0-api

suse enterprise sap 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP7	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP7	9.0.85-150200.57.1 fixed

tomcat-jsp-2_3-api

suse enterprise sap 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP7	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP7	9.0.85-150200.57.1 fixed

tomcat-lib

suse enterprise sap 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP7	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP7	9.0.85-150200.57.1 fixed

tomcat-servlet-4_0-api

suse enterprise sap 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP7	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP7	9.0.85-150200.57.1 fixed

tomcat-webapps

suse enterprise sap 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise sap 15 SP7	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP2	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP3	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP4	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP5	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP6	9.0.85-150200.57.1 fixed
suse enterprise server 15 SP7	9.0.85-150200.57.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

tomcat

RHEL 8	1:9.0.62-27.el8_9.2 fixed
RHEL 9	1:9.0.62-37.el9_3.1 fixed

tomcat-admin-webapps

RHEL 8	1:9.0.62-27.el8_9.2 fixed
RHEL 9	1:9.0.62-37.el9_3.1 fixed

tomcat-docs-webapp

RHEL 8	1:9.0.62-27.el8_9.2 fixed
RHEL 9	1:9.0.62-37.el9_3.1 fixed

tomcat-el-3.0-api

RHEL 8	1:9.0.62-27.el8_9.2 fixed
RHEL 9	1:9.0.62-37.el9_3.1 fixed

tomcat-jsp-2.3-api

RHEL 8	1:9.0.62-27.el8_9.2 fixed
RHEL 9	1:9.0.62-37.el9_3.1 fixed

tomcat-lib

RHEL 8	1:9.0.62-27.el8_9.2 fixed
RHEL 9	1:9.0.62-37.el9_3.1 fixed

tomcat-servlet-4.0-api

RHEL 8	1:9.0.62-27.el8_9.2 fixed
RHEL 9	1:9.0.62-37.el9_3.1 fixed

tomcat-webapps

RHEL 8	1:9.0.62-27.el8_9.2 fixed
RHEL 9	1:9.0.62-37.el9_3.1 fixed

Common Weakness Enumeration

CWE-459 - Incomplete Cleanup
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

References

https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82

http://www.openwall.com/lists/oss-security/2023/10/10/8

https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82