CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-45143 – Apache Tomcat: JsonErrorReportValve escaping
https://notcve.org/view.php?id=CVE-2022-45143
03 Jan 2023 — The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values. Re... • https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42252 – Apache Tomcat request smuggling via malformed content-length
https://notcve.org/view.php?id=CVE-2022-42252
01 Nov 2022 — If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. Si Apache Tomcat 8.5.0 a 8.5.82, 9.0.0-M1 a 9.0.67, 10.0.0-M1 a 10.0.... • https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 3.7EPSS: 0%CPEs: 17EXPL: 0CVE-2021-43980 – Apache Tomcat: Information disclosure
https://notcve.org/view.php?id=CVE-2021-43980
28 Sep 2022 — The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. Una implementación simplificada de lecturas y escrituras de bloq... • http://www.openwall.com/lists/oss-security/2022/09/28/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 2%CPEs: 19EXPL: 1CVE-2022-34305 – XSS in examples web application
https://notcve.org/view.php?id=CVE-2022-34305
23 Jun 2022 — In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. En Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M16, 10.0.0-M1 a 10.0.22, 9.0.30 a 9.0.64 y 8.5.50 a 8.5.81, el ejemplo de autenticación de formularios en la aplicación web de ejemplos mostraba los datos proporcionados por el usuario sin filtrar, exponiendo una vulnerab... • https://github.com/zeroc00I/CVE-2022-34305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-25762 – Response mix-up with WebSocket concurrent send and close
https://notcve.org/view.php?id=CVE-2022-25762
13 May 2022 — If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wro... • https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c • CWE-226: Sensitive Information in Resource Not Removed Before Reuse CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 66%CPEs: 20EXPL: 4CVE-2022-29885 – EncryptInterceptor does not provide complete protection on insecure networks
https://notcve.org/view.php?id=CVE-2022-29885
12 May 2022 — The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. La documentación de Apache Tomcat versiones 10.1.0-M1 a 10.1.0-... • https://packetstorm.news/files/id/171728 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 26EXPL: 0CVE-2022-23181 – Local privilege escalation with FileStore
https://notcve.org/view.php?id=CVE-2022-23181
27 Jan 2022 — The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. Una corrección del bug CVE-2020-9484 introdujo una vulnerabilidad de tiempo de comprobación, tiempo de uso en Ap... • https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 2%CPEs: 37EXPL: 0CVE-2021-42340 – DoS via memory leak with WebSocket connections
https://notcve.org/view.php?id=CVE-2021-42340
14 Oct 2021 — The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. La corrección del bug 63362 presente en Apache Tomcat versiones 10.1.0-M1 hasta 10.1.0-M5, versiones 10.0.0... • https://kc.mcafee.com/corporate/index?page=content&id=SB10379 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-41079 – Apache Tomcat DoS with unexpected TLS packet
https://notcve.org/view.php?id=CVE-2021-41079
16 Sep 2021 — Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. Apache Tomcat versiones 8.5.0 hasta 8.5.63, versiones 9.0.0-M1 hasta 9.0.43 y versiones 10.0.0-M1 hasta 10.0.2, no comprueban apropiadamente los paquetes TLS entrantes. Cuando Tomcat estaba configurado para usar NIO+... • https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a%40%3Cusers.tomcat.apache.org%3E • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 4%CPEs: 42EXPL: 0CVE-2021-33037 – Incorrect Transfer-Encoding handling with HTTP/1.0
https://notcve.org/view.php?id=CVE-2021-33037
12 Jul 2021 — Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10366 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •