UBUNTU-CVE-2023-42794

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2023-42794

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-42794.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-42794

Related

CVE-2023-42794

Published

2023-10-10T18:15:00Z

Modified

2023-10-10T18:15:00Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

References

Affected packages

Ubuntu:Pro:16.04:LTS / tomcat8

Package

Name: tomcat8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.0.26-1

8.0.28-1

8.0.30-1

8.0.32-1

8.0.32-1ubuntu1

8.0.32-1ubuntu1.1

8.0.32-1ubuntu1.2

8.0.32-1ubuntu1.3

8.0.32-1ubuntu1.4

8.0.32-1ubuntu1.5

8.0.32-1ubuntu1.6

8.0.32-1ubuntu1.7

8.0.32-1ubuntu1.8

8.0.32-1ubuntu1.9

8.0.32-1ubuntu1.10

8.0.32-1ubuntu1.11

8.0.32-1ubuntu1.13

8.0.32-1ubuntu1.13+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / tomcat8

Package

Name: tomcat8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.5.21-1ubuntu1

8.5.29-1

8.5.30-1

8.5.30-1ubuntu1

8.5.30-1ubuntu1.2

8.5.30-1ubuntu1.3

8.5.30-1ubuntu1.4

8.5.39-1ubuntu1~18.04.1

8.5.39-1ubuntu1~18.04.2

8.5.39-1ubuntu1~18.04.3

8.5.39-1ubuntu1~18.04.3+esm1

8.5.39-1ubuntu1~18.04.3+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / tomcat9

Package

Name: tomcat9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.16-3~18.04.1

9.0.16-3ubuntu0.18.04.1

9.0.16-3ubuntu0.18.04.2

9.0.16-3ubuntu0.18.04.2+esm1

9.0.16-3ubuntu0.18.04.2+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / tomcat9

Package

Name: tomcat9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.24-1

9.0.27-1

9.0.31-1

9.0.31-1ubuntu0.1

9.0.31-1ubuntu0.2

9.0.31-1ubuntu0.3

9.0.31-1ubuntu0.4

9.0.31-1ubuntu0.5

9.0.31-1ubuntu0.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / tomcat9

Package

Name: tomcat9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.43-3

9.0.54-1

9.0.55-1

9.0.58-1

9.0.58-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / tomcat10

Package

Name: tomcat10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.1.10-1

10.1.14-1

10.1.15-1

10.1.16-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / tomcat9

Package

Name: tomcat9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.70-1ubuntu1

9.0.70-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}