CVE-2023-42794

Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Incomplete Cleanup vulnerability in Apache Tomcat.

The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased,
in progress refactoring that exposed a potential denial of service on
Windows if a web application opened a stream for an uploaded file but
failed to close the stream. The file would never be deleted from disk
creating the possibility of an eventual denial of service due to the
disk being full.

Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Vulnerabilidad de limpieza incompleta en Apache Tomcat. El fork interno de Commons FileUpload empaquetado con Apache Tomcat 9.0.70 a 9.0.80 y 8.5.85 a 8.5.93 incluía una refactorización en curso que expuso una posible denegación de servicio en Windows si una aplicación web abría una secuencia para un archivo cargado pero no lograba cerrar la secuencia. El archivo nunca se eliminaría del disco, creando la posibilidad de una eventual denegación de servicio debido a que el disco esté lleno. Se recomienda a los usuarios actualizar a la versión 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema.

A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.

*Credits: Mohammad Khedmatgozar (cellbox)

CVSS Scores

NISTv3.1 5.9

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-09-14 CVE Reserved
2023-10-10 CVE Published
2023-12-12 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-459: Incomplete Cleanup

CAPEC

References (4)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2023/10/10/8	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82	2023-12-11
https://access.redhat.com/security/cve/CVE-2023-42794	2024-01-25
https://bugzilla.redhat.com/show_bug.cgi?id=2243751	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				>= 8.5.85 < 8.5.94 Search vendor "Apache" for product "Tomcat" and version " >= 8.5.85 < 8.5.94"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				>= 9.0.70 < 9.0.81 Search vendor "Apache" for product "Tomcat" and version " >= 9.0.70 < 9.0.81"		-		Affected