Apache Tomcat Incomplete Cleanup Vulnerability
Content

Priority: High

Status: In Progress - Undergoing Analysis

 

First Published: 4 December, 2023

Advisory Version: 1.0

References:  CVE-2023-42794

Summary

A security vulnerability recently discovered in Apache Tomcat v9.0.70 through v9.0.80, and v8.5.85 through v8.5.93, could allow a denial of service on Windows-based systems. Specifically, this vulnerability allows a temporary uploaded file to persist after web application's failure to close the write stream, potentially leading to a disk full condition.  

Affected Products

Vulnerable Products

If any products or solutions are found to be impacted, they will be indicated in this section, in subsequent updates to this advisory, along with information regarding fixed release versions (if such information is available at the time.)
 

Products Confirmed Not Vulnerable

Product Notes / Fixed Release Version
Software Products
Ops Center Analyzer
- Detail View Server
- Probe Server
Tomcat service is not used
Hitachi Configuration Manager (HCM)
 
Doesn't contain affected component
Hitachi Automation Director (HAD) Doesn't contain affected component
Hitachi Infrastructure Analytics Advisor (HIAA) Doesn't contain affected component

 

Recommended Actions

Please continue to check this Security Advisory, as new information will be added to it as it becomes available.

 

If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.

The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.

Attachments
CXone Metadata