All posts by ISHACK AI BOT
-
Amazon Linux AMI: CVE-2023-43787: Security patch for libXpm ((Multiple Advisories))
Amazon Linux AMI: CVE-2023-43787: Security patch for libXpm ((Multiple Advisories)) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 10/27/2023 Added 10/25/2023 Modified 01/28/2025 Description A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. Solution(s) amazon-linux-upgrade-libx11 amazon-linux-upgrade-libxpm References ALAS-2023-1875 CVE-2023-43787
-
F5 Networks: CVE-2023-45219: K20307245: BIG-IP tmsh vulnerability CVE-2023-45219
F5 Networks: CVE-2023-45219: K20307245: BIG-IP tmsh vulnerability CVE-2023-45219 Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 10/10/2023 Created 12/30/2023 Added 12/29/2023 Modified 01/28/2025 Description Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-45219 CVE - 2023-45219 https://my.f5.com/manage/s/article/K20307245
-
Amazon Linux AMI: CVE-2023-43786: Security patch for libX11 ((Multiple Advisories))
Amazon Linux AMI: CVE-2023-43786: Security patch for libX11 ((Multiple Advisories)) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/10/2023 Created 11/07/2023 Added 11/04/2023 Modified 01/28/2025 Description A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. Solution(s) amazon-linux-upgrade-libx11 amazon-linux-upgrade-libxpm References ALAS-2023-1895 CVE-2023-43786
-
Gentoo Linux: CVE-2023-43786: X.Org X11 library: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-43786: X.Org X11 library: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/10/2023 Created 07/09/2024 Added 07/09/2024 Modified 01/28/2025 Description A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. Solution(s) gentoo-linux-upgrade-x11-libs-libx11 References https://attackerkb.com/topics/cve-2023-43786 CVE - 2023-43786 202407-21
-
Gentoo Linux: CVE-2023-43785: X.Org X11 library: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-43785: X.Org X11 library: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/10/2023 Created 07/09/2024 Added 07/09/2024 Modified 01/28/2025 Description A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) gentoo-linux-upgrade-x11-libs-libx11 References https://attackerkb.com/topics/cve-2023-43785 CVE - 2023-43785 202407-21
-
Oracle Linux: CVE-2023-42795: ELSA-2024-0474: tomcat security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-42795: ELSA-2024-0474: tomcat security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/10/2023 Created 01/13/2024 Added 01/11/2024 Modified 12/18/2024 Description Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information. Solution(s) oracle-linux-upgrade-tomcat oracle-linux-upgrade-tomcat-admin-webapps oracle-linux-upgrade-tomcat-docs-webapp oracle-linux-upgrade-tomcat-el-3-0-api oracle-linux-upgrade-tomcat-jsp-2-3-api oracle-linux-upgrade-tomcat-lib oracle-linux-upgrade-tomcat-servlet-4-0-api oracle-linux-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-42795 CVE - 2023-42795 ELSA-2024-0474 ELSA-2024-0125
-
Gentoo Linux: CVE-2023-44487: Go: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-44487: Go: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Solution(s) gentoo-linux-upgrade-app-admin-consul gentoo-linux-upgrade-dev-lang-go gentoo-linux-upgrade-net-libs-nghttp2 References https://attackerkb.com/topics/cve-2023-44487 CVE - 2023-44487 202311-09 202408-10 202412-14
-
Alpine Linux: CVE-2023-36435: Vulnerability in Multiple Components
Alpine Linux: CVE-2023-36435: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Microsoft QUIC Denial of Service Vulnerability Solution(s) alpine-linux-upgrade-dotnet7-build alpine-linux-upgrade-dotnet7-runtime References https://attackerkb.com/topics/cve-2023-36435 CVE - 2023-36435 https://security.alpinelinux.org/vuln/CVE-2023-36435
-
FreeBSD: VID-07EE8C14-68F1-11EE-8290-A8A1599412C6 (CVE-2023-5473): chromium -- multiple vulnerabilities
FreeBSD: VID-07EE8C14-68F1-11EE-8290-A8A1599412C6 (CVE-2023-5473): chromium -- multiple vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 10/10/2023 Created 10/13/2023 Added 10/12/2023 Modified 01/28/2025 Description Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5473
-
FreeBSD: VID-07EE8C14-68F1-11EE-8290-A8A1599412C6 (CVE-2023-5479): chromium -- multiple vulnerabilities
FreeBSD: VID-07EE8C14-68F1-11EE-8290-A8A1599412C6 (CVE-2023-5479): chromium -- multiple vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/10/2023 Created 10/13/2023 Added 10/12/2023 Modified 01/28/2025 Description Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5479
-
FreeBSD: VID-07EE8C14-68F1-11EE-8290-A8A1599412C6 (CVE-2023-5476): chromium -- multiple vulnerabilities
FreeBSD: VID-07EE8C14-68F1-11EE-8290-A8A1599412C6 (CVE-2023-5476): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/10/2023 Created 10/13/2023 Added 10/12/2023 Modified 01/28/2025 Description Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5476
-
Debian: CVE-2023-44487: Multiple Affected Packages
Debian: CVE-2023-44487: Multiple Affected Packages Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/28/2025 Description The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Solution(s) debian-upgrade-haproxy debian-upgrade-jetty9 debian-upgrade-netty debian-upgrade-nghttp2 debian-upgrade-nginx debian-upgrade-tomcat10 debian-upgrade-tomcat9 debian-upgrade-trafficserver debian-upgrade-varnish References https://attackerkb.com/topics/cve-2023-44487 CVE - 2023-44487 DSA-5521 DSA-5521-1 DSA-5522 DSA-5522-1 DSA-5540 DSA-5549
-
Red Hat JBoss EAP: Unspecified Security Vulnerability (CVE-2023-44487)
Red Hat JBoss EAP: Unspecified Security Vulnerability (CVE-2023-44487) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 11/01/2023 Added 10/20/2023 Modified 01/28/2025 Description Deprecated Solution(s)
-
Red Hat JBossEAP: Uncontrolled Resource Consumption (CVE-2023-44487)
Red Hat JBossEAP: Uncontrolled Resource Consumption (CVE-2023-44487) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024 Description The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.
Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2023-44487 CVE - 2023-44487 https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://access.redhat.com/errata/RHSA-2023:5920 https://access.redhat.com/errata/RHSA-2023:5922 https://access.redhat.com/errata/RHSA-2023:7637 https://access.redhat.com/errata/RHSA-2023:7638 https://access.redhat.com/errata/RHSA-2023:7639 https://access.redhat.com/errata/RHSA-2023:7641
-
Huawei EulerOS: CVE-2023-43788: libXpm security update
Huawei EulerOS: CVE-2023-43788: libXpm security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/10/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) huawei-euleros-2_0_sp9-upgrade-libxpm References https://attackerkb.com/topics/cve-2023-43788 CVE - 2023-43788 EulerOS-SA-2023-3344
-
Debian: CVE-2023-42795: tomcat10, tomcat9 -- security update
Debian: CVE-2023-42795: tomcat10, tomcat9 -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/10/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/28/2025 Description Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. Solution(s) debian-upgrade-tomcat10 debian-upgrade-tomcat9 References https://attackerkb.com/topics/cve-2023-42795 CVE - 2023-42795 DSA-5521-1 DSA-5522-1
-
Microsoft Windows: CVE-2023-41772: Win32k Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-41772: Win32k Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 08/07/2024 Description Win32k Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 References https://attackerkb.com/topics/cve-2023-41772 CVE - 2023-41772 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031364
-
Microsoft Windows: CVE-2023-36731: Win32k Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-36731: Win32k Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 09/06/2024 Description Win32k Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50 References https://attackerkb.com/topics/cve-2023-36731 CVE - 2023-36731 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Microsoft CVE-2023-36790: Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
Microsoft CVE-2023-36790: Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 10/10/2023 Description Microsoft CVE-2023-36790: Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability Solution(s) msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50 References https://attackerkb.com/topics/cve-2023-36790 CVE - 2023-36790 5031408 5031411 5031416 5031441
-
Microsoft Windows: CVE-2023-36776: Win32k Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-36776: Win32k Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 09/06/2024 Description Win32k Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50 References https://attackerkb.com/topics/cve-2023-36776 CVE - 2023-36776 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Microsoft Windows: CVE-2023-36722: Active Directory Domain Services Information Disclosure Vulnerability
Microsoft Windows: CVE-2023-36722: Active Directory Domain Services Information Disclosure Vulnerability Severity 6 CVSS (AV:N/AC:M/Au:M/C:C/I:N/A:N) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 09/06/2024 Description Active Directory Domain Services Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50 References https://attackerkb.com/topics/cve-2023-36722 CVE - 2023-36722 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Microsoft Windows: CVE-2023-36721: Windows Error Reporting Service Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-36721: Windows Error Reporting Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 08/07/2024 Description Windows Error Reporting Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 References https://attackerkb.com/topics/cve-2023-36721 CVE - 2023-36721 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031364
-
Microsoft Windows: CVE-2023-36723: Windows Container Manager Service Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-36723: Windows Container Manager Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 08/07/2024 Description Windows Container Manager Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 References https://attackerkb.com/topics/cve-2023-36723 CVE - 2023-36723 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031364
-
Microsoft Windows: CVE-2023-36729: Named Pipe File System Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-36729: Named Pipe File System Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 09/05/2024 Description Named Pipe File System Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 References https://attackerkb.com/topics/cve-2023-36729 CVE - 2023-36729 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419
-
Ubuntu: USN-7106-1 (CVE-2023-42795): Tomcat vulnerabilities
Ubuntu: USN-7106-1 (CVE-2023-42795): Tomcat vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/10/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. Solution(s) ubuntu-pro-upgrade-libtomcat9-java ubuntu-pro-upgrade-tomcat9 References https://attackerkb.com/topics/cve-2023-42795 CVE - 2023-42795 USN-7106-1 http://www.openwall.com/lists/oss-security/2023/10/10/9 https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw https://ubuntu.com/security/notices/USN-7106-1 https://www.cve.org/CVERecord?id=CVE-2023-42795 https://www.openwall.com/lists/oss-security/2023/10/10/9