Vulnerability details: VCID-f68z-z5n7-aaae
Vulnerability ID VCID-f68z-z5n7-aaae
Aliases CVE-2023-42795
GHSA-g8pj-r55q-5c2v
Summary Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:7247
ssvc Track https://access.redhat.com/errata/RHSA-2023:7247
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.00423 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.00692 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.00712 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.01433 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.01658 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.0355 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
epss 0.09574 https://api.first.org/data/v1/epss?cve=CVE-2023-42795
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-g8pj-r55q-5c2v
cvssv3.1 5.3 https://github.com/apache/tomcat
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf
generic_textual MODERATE https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75
generic_textual MODERATE https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4
generic_textual MODERATE https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38
generic_textual MODERATE https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38
cvssv3.1 5.3 https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
generic_textual MODERATE https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
ssvc Track https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
cvssv3.1 5.3 https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
cvssv3.1 5.3 https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-42795
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-42795
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-42795
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20231103-0007
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20231103-0007
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20231103-0007
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20231103-0007/
ssvc Track https://security.netapp.com/advisory/ntap-20231103-0007/
cvssv3.1 5.3 https://www.debian.org/security/2023/dsa-5521
cvssv3.1 5.3 https://www.debian.org/security/2023/dsa-5521
generic_textual MODERATE https://www.debian.org/security/2023/dsa-5521
ssvc Track https://www.debian.org/security/2023/dsa-5521
cvssv3.1 5.3 https://www.debian.org/security/2023/dsa-5522
cvssv3.1 5.3 https://www.debian.org/security/2023/dsa-5522
generic_textual MODERATE https://www.debian.org/security/2023/dsa-5522
ssvc Track https://www.debian.org/security/2023/dsa-5522
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2023/10/10/9
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2023/10/10/9
ssvc Track http://www.openwall.com/lists/oss-security/2023/10/10/9
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json
https://api.first.org/data/v1/epss?cve=CVE-2023-42795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf
https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75
https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4
https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38
https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
https://security.netapp.com/advisory/ntap-20231103-0007
https://security.netapp.com/advisory/ntap-20231103-0007/
https://www.debian.org/security/2023/dsa-5521
https://www.debian.org/security/2023/dsa-5522
http://www.openwall.com/lists/oss-security/2023/10/10/9
2243752 https://bugzilla.redhat.com/show_bug.cgi?id=2243752
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-42795 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795
CVE-2023-42795 https://nvd.nist.gov/vuln/detail/CVE-2023-42795
GHSA-g8pj-r55q-5c2v https://github.com/advisories/GHSA-g8pj-r55q-5c2v
RHSA-2023:6206 https://access.redhat.com/errata/RHSA-2023:6206
RHSA-2023:6207 https://access.redhat.com/errata/RHSA-2023:6207
RHSA-2023:7247 https://access.redhat.com/errata/RHSA-2023:7247
RHSA-2024:0125 https://access.redhat.com/errata/RHSA-2024:0125
RHSA-2024:0474 https://access.redhat.com/errata/RHSA-2024:0474
USN-7106-1 https://usn.ubuntu.com/7106-1/
USN-7562-1 https://usn.ubuntu.com/7562-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:7247
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/ Found at https://access.redhat.com/errata/RHSA-2023:7247
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/ Found at https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/ Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-42795
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20231103-0007
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20231103-0007
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20231103-0007/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/ Found at https://security.netapp.com/advisory/ntap-20231103-0007/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5521
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5521
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/ Found at https://www.debian.org/security/2023/dsa-5521
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5522
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5522
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/ Found at https://www.debian.org/security/2023/dsa-5522
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2023/10/10/9
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/ Found at http://www.openwall.com/lists/oss-security/2023/10/10/9
Exploit Prediction Scoring System (EPSS)
Percentile 0.53867
EPSS Score 0.00312
Published At June 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.