CVE-2023-42794 Apache Tomcat - denial of service

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.70 to 9.0.80
Apache Tomcat 8.5.85 to 8.5.93

Tomcat's internal fork of a Commons FileUpload included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full.

Users of the affected versions should apply one of the following
- Upgrade to Apache Tomcat 9.0.81 or later
- Upgrade to Apache Tomcat 8.5.94 or later

This vulnerability was reported responsibly to the Tomcat security team by Mohammad Khedmatgozar (cellbox).

2023-10-10 Original advisory


To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to