Risk | Medium
Patch available | YES
Number of vulnerabilities | 4
CVE-ID | CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-44487
CWE-ID | CWE-749, CWE-399, CWE-444, CWE-400
Exploitation vector | Network
Public exploit | Vulnerability #4 is being exploited in the wild.
Vulnerable software | Apache Tomcat (Server applications / Web servers)
Vendor | Apache Foundation
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU81803
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42794
CWE-ID:
CWE-749 - Exposed Dangerous Method or Function
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because Tomcat's internal fork of Commons FileUpload included an unreleased, in-progress refactoring that exposed a potential denial of service on Windows. A remote attacker can perform a denial of service attack by uploading multiple files to the server that are not removed.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Apache Tomcat: 8.5.85 - 9.0.80
External links:
http://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
http://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65
http://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81800
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42795
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within the application when recycling various internal objects. A remote attacker can force Tomcat to skip some parts of the recycling process, leading to information from the current request/response leaking into the next.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Apache Tomcat: 8.5.0 - 11.0.0-M11
External links:
http://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
http://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38
http://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4
http://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75
http://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81799
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45648
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation when parsing HTTP trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of the vulnerability may allow an attacker to poison the HTTP cache and perform phishing attacks.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Apache Tomcat: 8.5.0 - 11.0.0-M11
External links:
http://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
http://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6
http://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4
http://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81728
Risk: High
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-44487
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper control of consumption of internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Apache Tomcat: 8.5.0 - 11.0.0-M11
External links:
http://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628
http://github.com/apache/tomcat/commit/6d1a9fd6642387969e4410b9989c85856b74917a
http://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49
http://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e
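The description of vulnerability #4 names the traffic pattern a defender should look for: HEADERS frames followed almost immediately by RST_STREAM frames, repeated at high rate on one connection. The following is an added example, not code from this bulletin or from the Apache Tomcat project. It runs a sliding-window heuristic over an HTTP/2 frame trace and flags connections that cancel an unusually large number of their own freshly opened streams inside a short window. The trace tuple format, the sample data in `build_sample_trace`, and the names `find_rapid_reset_connections`, `window` and `threshold` are assumptions made here; the window and threshold values are illustrative tuning knobs, not vendor recommendations.

```python
from collections import defaultdict, deque

# Constructed HTTP/2 frame trace: (time_seconds, connection_id, stream_id, frame_type).
# The format is assumed for this example; it is not any particular tool's output.
def build_sample_trace():
    trace = []
    # Connection "c1": the client opens a stream and resets it immediately, 300 times in 0.3 s.
    for i in range(300):
        sid = 2 * i + 1            # client-initiated streams carry odd ids
        t = i * 0.001
        trace.append((t, "c1", sid, "HEADERS"))
        trace.append((t + 0.0002, "c1", sid, "RST_STREAM"))
    # Connection "c2": a normal client, 20 streams that complete, plus one genuine cancellation.
    for i in range(20):
        sid = 2 * i + 1
        t = i * 0.05
        trace.append((t, "c2", sid, "HEADERS"))
        trace.append((t + 0.02, "c2", sid, "DATA"))
    trace.append((1.10, "c2", 41, "HEADERS"))
    trace.append((1.15, "c2", 41, "RST_STREAM"))
    trace.sort(key=lambda e: e[0])
    return trace


def find_rapid_reset_connections(trace, window=1.0, threshold=100):
    """Return {connection_id: peak_resets_in_window} for every connection that reset
    more than `threshold` of its own freshly opened streams within any `window` seconds.

    Only RST_STREAM frames for streams previously seen in a HEADERS frame on the same
    connection count, so unrelated resets (e.g. for unknown stream ids) are ignored.
    """
    opened = defaultdict(set)      # conn -> stream ids opened by HEADERS and not yet reset
    resets = defaultdict(deque)    # conn -> timestamps of qualifying RST_STREAM frames in window
    peak = defaultdict(int)        # conn -> highest number of resets seen inside one window
    for t, conn, sid, ftype in trace:
        if ftype == "HEADERS":
            opened[conn].add(sid)
        elif ftype == "RST_STREAM" and sid in opened[conn]:
            opened[conn].discard(sid)
            q = resets[conn]
            q.append(t)
            # Drop reset timestamps that have fallen out of the sliding window.
            while q and t - q[0] > window:
                q.popleft()
            peak[conn] = max(peak[conn], len(q))
    return {conn: n for conn, n in peak.items() if n > threshold}


if __name__ == "__main__":
    flagged = find_rapid_reset_connections(build_sample_trace())
    for conn, n in flagged.items():
        print(f"{conn}: {n} stream resets inside a {1.0}s window")
```

On the constructed trace only `c1` is reported; `c2`'s single cancellation stays well under the threshold. The counter is keyed on resets of streams the same client opened, which is what distinguishes the pattern described above from ordinary client-side cancellations.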
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
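Each of the four entries above states its affected versions as an inclusive "low - high" range, and the upper bound of three of them is a milestone build (11.0.0-M11). The following is an added example, not code from this bulletin or from the Apache Tomcat project: it turns the ranges exactly as stated on this page into a check that can be run against a version string or against an "Apache Tomcat/x.y.z" banner. The `AFFECTED` table and the names `parse_version`, `version_from_banner` and `affected_cves` are assumptions made here. Milestone builds are ordered before the GA release of the same number, so 11.0.0-M11 is inside a range ending at 11.0.0-M11 while 11.0.0 is not. One caveat a practitioner should keep in mind: the bulletin gives a single interval spanning several release lines, so a literal reading of it also flags a later release on an older line (for example a 9.0.x newer than the ones listed); confirm such hits against the vendor's per-branch announcement linked in each entry.

```python
import re

# Affected ranges exactly as stated in this bulletin (inclusive, "low - high").
AFFECTED = {
    "CVE-2023-42794": ("8.5.85", "9.0.80"),
    "CVE-2023-42795": ("8.5.0", "11.0.0-M11"),
    "CVE-2023-45648": ("8.5.0", "11.0.0-M11"),
    "CVE-2023-44487": ("8.5.0", "11.0.0-M11"),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
_BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:-M\d+)?)")


def parse_version(text):
    """Turn '9.0.80' or '11.0.0-M11' into a sortable tuple.

    The fourth element is 0 for a milestone and 1 for a GA build, so every
    milestone of a number sorts before that number's GA release.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def version_from_banner(text):
    """Extract the version from text containing 'Apache Tomcat/<version>'
    (assumed here to be e.g. a Server header or the 'Server version:' line
    printed by Tomcat's version script)."""
    m = _BANNER_RE.search(text)
    if not m:
        raise ValueError("no 'Apache Tomcat/<version>' token found")
    return m.group(1)


def affected_cves(version):
    """Return the CVE ids from this bulletin whose stated range contains `version`."""
    key = parse_version(version)
    hits = []
    for cve, (low, high) in AFFECTED.items():
        if parse_version(low) <= key <= parse_version(high):
            hits.append(cve)
    return hits


if __name__ == "__main__":
    # Constructed sample banner, not captured from a real server.
    banner = "Server version: Apache Tomcat/9.0.80"
    v = version_from_banner(banner)
    print(v, "->", affected_cves(v) or "not in any stated range")
```

The tuple comparison does all the work: `(11, 0, 0, 0, 11)` for the milestone is less than `(11, 0, 0, 1, 0)` for the GA build, and a plain `<=` on both ends gives the inclusive semantics the bulletin uses.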