CVE-2023-42795 Apache Tomcat - information disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M11
Apache Tomcat 10.1.0-M1 to 10.1.13
Apache Tomcat 9.0.0-M1 to 9.0.80
Apache Tomcat 8.5.0 to 8.5.93

When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.

Users of the affected versions should apply one of the following
- Upgrade to Apache Tomcat 11.0.0-M12 or later
- Upgrade to Apache Tomcat 10.1.14 or later
- Upgrade to Apache Tomcat 9.0.81 or later
- Upgrade to Apache Tomcat 8.5.94 or later

This vulnerability was idenitfied by the Tomcat security team.

2023-10-10 Original advisory


To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to