Tomcat Security Update (MINDBREEZE29364)
ID: MINDBREEZE29381
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: March 18, 2024
CVEs: CVE-2023-42795, CVE-2023-45648, CVE-2023-46589
Summary
- CVE-2023-42795: Tomcat Session request response objects recycling information leaking
- CVE-2023-45648: Tomcat HTTP trailer headers request smuggling
- CVE-2023-46589: Tomcat HTTP trailer headers request smuggling
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 24.1 Release
- Mindbreeze InSpire SaaS 24.1 Release