CVSS: 3.7EPSS: 0%CPEs: 17EXPL: 0CVE-2021-43980 – Apache Tomcat: Information disclosure
https://notcve.org/view.php?id=CVE-2021-43980
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. Una implementación simplificada de lecturas y escrituras de bloqueo introducida en Tomcat versión 10 y retrocedida a Tomcat versión 9.0.47 en adelante expuso un error de concurrencia de larga data (pero extremadamente difícil de activar) en Apache Tomcat versiones 10.1.0 a 10. 1.0-M12, 10.0.0-M1 a 10.0.18, 9.0.0-M1 a 9.0.60 y 8.5.0 a 8.5.77, que podía causar que las conexiones de los clientes compartieran una instancia de Http11Processor resultando en que las respuestas, o parte de ellas, fueran recibidas por el cliente equivocado • http://www.openwall.com/lists/oss-security/2022/09/28/1 https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3 https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html https://www.debian.org/security/2022/dsa-5265 https://access.redhat.com/security/cve/CVE-2021-43980 https://bugzilla.redhat.com/show_bug.cgi?id=2130599 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 1CVE-2022-34305 – XSS in examples web application
https://notcve.org/view.php?id=CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. En Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M16, 10.0.0-M1 a 10.0.22, 9.0.30 a 9.0.64 y 8.5.50 a 8.5.81, el ejemplo de autenticación de formularios en la aplicación web de ejemplos mostraba los datos proporcionados por el usuario sin filtrar, exponiendo una vulnerabilidad de tipo XSS • https://github.com/zeroc00I/CVE-2022-34305 http://www.openwall.com/lists/oss-security/2022/06/23/1 https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k https://security.gentoo.org/glsa/202208-34 https://security.netapp.com/advisory/ntap-20220729-0006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 20EXPL: 3CVE-2022-29885 – EncryptInterceptor does not provide complete protection on insecure networks
https://notcve.org/view.php?id=CVE-2022-29885
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. La documentación de Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M14, 10.0.0-M1 a 10.0.20, 9.0.13 a 9.0.62 y 8.5.38 a 8.5.78, para el EncryptInterceptor indicaba incorrectamente que permitía que el clustering de Tomcat fuera ejecutado sobre una red no confiable. Esto no es correcto. • https://www.exploit-db.com/exploits/51262 https://github.com/quynhlab/CVE-2022-29885 https://github.com/iveresk/CVE-2022-29885 http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html https://security.netapp.com/advisory/ntap-20220629-0002 https://www.debian.org/security/2022/dsa-5265 https://www.oracle.com/security-alerts/cpujul2022 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 26EXPL: 0CVE-2022-23181 – Local privilege escalation with FileStore
https://notcve.org/view.php?id=CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. Una corrección del bug CVE-2020-9484 introdujo una vulnerabilidad de tiempo de comprobación, tiempo de uso en Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M8, versiones 10.0.0-M5 a 10.0.14, versiones 9.0.35 a 9.0.56 y versiones 8.5.55 a 8.5.73, que permitía a un atacante local llevar a cabo acciones con los privilegios del usuario que está usando el proceso Tomcat. Este problema sólo es explotable cuando Tomcat está configurado para persistir sesiones usando el FileStore • https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html https://security.netapp.com/advisory/ntap-20220217-0010 https://www.debian.org/security/2022/dsa-5265 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-23181 https://bugzilla.redhat.com/show_bug.cgi?id=2047417 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 2%CPEs: 37EXPL: 0CVE-2021-42340 – DoS via memory leak with WebSocket connections
https://notcve.org/view.php?id=CVE-2021-42340
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. La corrección del bug 63362 presente en Apache Tomcat versiones 10.1.0-M1 hasta 10.1.0-M5, versiones 10.0.0-M1 hasta 10.0.11, versiones 9.0.40 hasta 9.0.53 y versiones 8.5.60 hasta 8.5.71, introducía una pérdida de memoria. El objeto introducido para recopilar métricas para las conexiones de actualización HTTP no se liberaba para las conexiones WebSocket una vez que se cerraba la conexión. • https://kc.mcafee.com/corporate/index?page=content&id=SB10379 https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E https://security.gentoo.org/glsa/202208-34 https://security.netapp.com/advisory/ntap-20211104-0001 https://www.debian.org/security/2021/dsa-5009 https://www.oracle.com/security-alerts/cpuapr2022.html https://www • CWE-772: Missing Release of Resource after Effective Lifetime •