#VU81803 Exposed dangerous method or function in Apache Tomcat - CVE-2023-42794


Vulnerability identifier: #VU81803

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-42794

CWE-ID: CWE-749

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache Tomcat
Server applications / Web servers

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to Tomcat's internal fork of a Commons FileUpload included an unreleased, in progress refactoring that exposed a potential denial of service on Windows. A remote attacker can perform a denial of service attack by uploading multiple files to the server that are not removed.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apache Tomcat: 8.5.85 - 8.5.93, 9.0.70 - 9.0.80

External links
https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65
https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


HP-UX update for Tomcat
Multiple vulnerabilities in Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR)
Multiple vulnerabilities in IBM Sterling B2B Integrator
SUSE update for tomcat
Multiple vulnerabilities in IBM Data Risk Manager
Multiple vulnerabilities in IBM Security Guardium
Multiple vulnerabilities in Communications Unified Assurance
IBM UrbanCode Release update for Apache Tomcat
IBM UrbanCode Build update for Apache Tomcat
IBM Integration Bus update for Apache Tomcat