Incomplete Cleanup
CVE-2023-42795
Summary
Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat in versions prior to 8.5.94, 9.0.x prior to 9.0.81, 10.0.x prior to 10.1.14, and 11.0.x prior to 11.0.0-M12, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-459 - Incomplete Cleanup
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.
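The failure mode described in the summary, as an added illustration that is not Tomcat's code: a pooled per-request object whose multi-step recycle routine aborts on an error and is then reused with stale state, next to a hardened form that finishes cleanup regardless. The class `PooledRequest`, its fields, and the `failCleanup` fault switch are hypothetical names constructed for this example.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Hypothetical pooled per-request object; not Tomcat's actual classes.
public class RecycleDemo {
    static class PooledRequest {
        String user;                              // per-request state that must not survive reuse
        StringBuilder body = new StringBuilder(); // per-request data buffer
        boolean failCleanup;                      // constructed fault: simulates an error mid-recycle

        // Flawed: an exception in the first step skips every later step.
        void recycleUnsafe() {
            releaseBuffer();
            user = null;
        }

        // Hardened: the remaining state is cleared even if an earlier step throws.
        void recycleSafe() {
            try {
                releaseBuffer();
            } finally {
                user = null;
                body = new StringBuilder();
            }
        }

        private void releaseBuffer() {
            if (failCleanup) throw new IllegalStateException("simulated cleanup error");
            body.setLength(0);
        }
    }

    public static void main(String[] args) {
        Deque<PooledRequest> pool = new ArrayDeque<>();
        for (boolean safe : new boolean[] {false, true}) {
            PooledRequest r = new PooledRequest();
            r.user = "alice"; r.body.append("secret"); r.failCleanup = true;
            try {
                if (safe) r.recycleSafe(); else r.recycleUnsafe();
            } catch (IllegalStateException e) {
                // The caller handles the error and still returns the object to the pool.
            }
            pool.push(r);
            PooledRequest next = pool.pop();      // reused for the next request
            System.out.println((safe ? "safe" : "unsafe") + " recycle: user=" + next.user
                    + " body=\"" + next.body + "\"");
        }
    }
}
```

When reviewing pooled-object code for this weakness, check that every recycle step is isolated from failures in the others and that an object whose cleanup failed is either fully reset or discarded rather than returned to the pool.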