
Apache Tomcat Multiple Vulnerabilities (Oct 2023) - Windows

CVE-2023-42795, CVE-2023-44487, CVE-2023-45648

Severity
CVSSv3 Score: 5.3
Vulnerability description

Apache Tomcat is prone to multiple vulnerabilities.

Risk description

The following flaws exist:

- CVE-2023-42795: When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.
- CVE-2023-44487: HTTP/2 rapid reset attack.
- CVE-2023-45648: A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

Recommendation

Update to version 8.5.94, 9.0.81, 10.1.14, 11.0.0-M12 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Oct 10, 2023
Detection added at
Software Type: Not available
Vendor: Not available
Product: Not available