  1. TomEE
  2. TOMEE-4254

Port fix for CVE-2023-42795


Details

    • Type: Dependency upgrade
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • 9.1.0
    • 9.1.1
    • None

    Description

      Important: Information Disclosure CVE-2023-42795

      When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.

      This was fixed with commit 9375d671.

      This issue was identified by the Tomcat Security Team on 13 September 2023. The issue was made public on 10 October 2023.

      Affects: 10.1.0-M1 to 10.1.13
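
The failure mode described above, as a simplified model added here for illustration; it is not Tomcat's or TomEE's code and not the change made in commit 9375d671. The class and method names (`Exchange`, `Buffer`, `recycleSequential`, `recycleEach`) and the sample values are hypothetical.

```java
// Simplified model of reusable per-request state; all names here are hypothetical.
public class RecycleDemo {
    static class Buffer {
        String data;
        boolean failOnRecycle;          // constructed fault to simulate an error
        void recycle() {
            if (failOnRecycle) throw new IllegalStateException("recycle failed");
            data = null;
        }
    }

    static class Exchange {
        Buffer request = new Buffer();
        Buffer response = new Buffer();

        // Weak: an exception in the first step skips the second one.
        void recycleSequential() {
            request.recycle();
            response.recycle();
        }

        // Hardened: every step runs; a part that fails to reset is replaced.
        void recycleEach() {
            try { request.recycle(); } catch (RuntimeException e) { request = new Buffer(); }
            try { response.recycle(); } catch (RuntimeException e) { response = new Buffer(); }
        }
    }

    // Serves one request, recycles, and returns what the next request would inherit.
    static String leftoverAfter(boolean hardened) {
        Exchange ex = new Exchange();
        ex.request.data = "GET /account";
        ex.response.data = "secret-for-user-A";   // constructed sample value
        ex.request.failOnRecycle = true;
        try {
            if (hardened) ex.recycleEach(); else ex.recycleSequential();
        } catch (RuntimeException e) {
            // the error is swallowed here, and the same object is reused afterwards
        }
        return ex.response.data;  // response state visible to the next request
    }

    public static void main(String[] args) {
        System.out.println("sequential recycle leaves: " + leftoverAfter(false));
        System.out.println("per-step recycle leaves:   " + leftoverAfter(true));
    }
}
```

When reviewing similar pooling code, check that every reset step is reached even if an earlier one throws, and that an object which could not be fully reset is not handed to the next request.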

          People

            rzo1 Richard Zowalla