{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T20:54:54.868","vulnerabilities":[{"cve":{"id":"CVE-2023-42794","sourceIdentifier":"security@apache.org","published":"2023-10-10T18:15:18.863","lastModified":"2025-10-29T12:15:33.270","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nOther, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue."},{"lang":"es","value":"Vulnerabilidad de limpieza incompleta en Apache Tomcat. El fork interno de Commons FileUpload empaquetado con Apache Tomcat 9.0.70 a 9.0.80 y 8.5.85 a 8.5.93 incluía una refactorización en curso que expuso una posible denegación de servicio en Windows si una aplicación web abría una secuencia para un archivo cargado pero no lograba cerrar la secuencia. El archivo nunca se eliminaría del disco, creando la posibilidad de una eventual denegación de servicio debido a que el disco esté lleno. Se recomienda a los usuarios actualizar a la versión 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-459"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.85","versionEndExcluding":"8.5.94","matchCriteriaId":"7EFFF75C-6B29-4D93-A8EC-BC8360D0048E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.70","versionEndExcluding":"9.0.81","matchCriteriaId":"F819B992-BA2C-4A30-A8A1-C57806AB1C31"}]}]}],"references":[{"url":"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/10/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}