Apache Security Updates – 22 June 2023

Apache has released security updates to address a vulnerability in multiple Apache Tomcat versions.

The vulnerability could allow a remote attacker to obtain sensitive information by sending a specially crafted HTTP request to a server running an affected version.

Apache Tomcat Information Disclosure (CVE-2023-34981):

  • CVSS: 7.5
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Obtain Information

The affected versions:

  • Apache Tomcat 11.0.0-M5
  • Apache Tomcat 10.1.8
  • Apache Tomcat 9.0.74
  • Apache Tomcat 8.5.88

Vulnerabilities

CVE-2023-34981

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Apache Security Advisory

References