Tomcat Security Update (MINDBREEZE29364)

ID: MINDBREEZE29381 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 7.5 High 
Status: Final 
First published: March 18, 2024 
CVEs: CVE-2023-42795, CVE-2023-45648, CVE-2023-46589 

Summary

• CVE-2023-42795: Tomcat Session request response objects recycling information leaking
• CVE-2023-45648: Tomcat HTTP trailer headers request smuggling
• CVE-2023-46589: Tomcat HTTP trailer headers request smuggling

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 24.1 Release 
• Mindbreeze InSpire SaaS 24.1 Release