Incomplete Cleanup

CVE-2023-42795

Severity Medium
Score 5.3/10

Summary

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat versions prior to 8.5.94, 9.0.x prior to 9.0.81, 10.0.x prior to 10.1.14, and 11.0.x prior to 11.0.0-M12, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-459 - Incomplete Cleanup

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.
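The failure mode in the summary and the CWE-459 definition above, shown as an added Java illustration. This is not Tomcat's code: the class, its fields and the simulated error are hypothetical. It contrasts a recycle routine that an exception can cut short with one that resets every field regardless.

```java
import java.util.ArrayList;
import java.util.List;

// Illustrative pooled object; NOT Tomcat's code. All names are hypothetical.
public class RecycleDemo {
    static class PooledRequest {
        String user;                                   // per-request state
        final List<String> headers = new ArrayList<>();
        boolean failOnRelease;                         // simulates an error mid-recycle

        void releaseBuffers() {
            if (failOnRelease) throw new IllegalStateException("release failed");
        }

        // Weak: an exception in the first step skips the remaining resets.
        void recycleFragile() {
            releaseBuffers();
            headers.clear();
            user = null;
        }

        // Hardened: every field is reset even if a step throws.
        void recycleRobust() {
            try {
                releaseBuffers();
            } finally {
                headers.clear();
                user = null;
                failOnRelease = false;
            }
        }
    }

    public static void main(String[] args) {
        for (boolean robust : new boolean[] {false, true}) {
            PooledRequest r = new PooledRequest();     // one pooled instance, reused
            r.user = "alice";                          // constructed sample values
            r.headers.add("Authorization: <constructed>");
            r.failOnRelease = true;
            try {
                if (robust) r.recycleRobust(); else r.recycleFragile();
            } catch (IllegalStateException e) {
                // A container would log this and return the object to the pool.
            }
            // The "next request" observes whatever state survived recycling.
            System.out.println((robust ? "robust" : "fragile")
                + ": user=" + r.user + " headers=" + r.headers);
        }
    }
}
```

A stricter design discards the instance instead of returning it to the pool whenever recycling throws.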

Advisory Timeline

  • Published