CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-45143 – Apache Tomcat: JsonErrorReportValve escaping
https://notcve.org/view.php?id=CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values. • https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj https://security.gentoo.org/glsa/202305-37 https://access.redhat.com/security/cve/CVE-2022-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2158695 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42252 – Apache Tomcat request smuggling via malformed content-length
https://notcve.org/view.php?id=CVE-2022-42252
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. Si Apache Tomcat 8.5.0 a 8.5.82, 9.0.0-M1 a 9.0.67, 10.0.0-M1 a 10.0.26 o 10.1.0-M1 a 10.1.0 se configuró para ignorar encabezados HTTP no válidos mediante la configuración de rechazarIllegalHeader a falso (el valor predeterminado solo para 8.5.x), Tomcat no rechazó una solicitud que contenía un encabezado Content-Length no válido, lo que hace posible un ataque de contrabando de solicitudes si Tomcat estaba ubicado detrás de un proxy inverso que tampoco rechazó la solicitud con el encabezado no válido. A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack. • https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq https://security.gentoo.org/glsa/202305-37 https://access.redhat.com/security/cve/CVE-2022-42252 https://bugzilla.redhat.com/show_bug.cgi?id=2141329 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 3.7EPSS: 0%CPEs: 17EXPL: 0CVE-2021-43980 – Apache Tomcat: Information disclosure
https://notcve.org/view.php?id=CVE-2021-43980
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. Una implementación simplificada de lecturas y escrituras de bloqueo introducida en Tomcat versión 10 y retrocedida a Tomcat versión 9.0.47 en adelante expuso un error de concurrencia de larga data (pero extremadamente difícil de activar) en Apache Tomcat versiones 10.1.0 a 10. 1.0-M12, 10.0.0-M1 a 10.0.18, 9.0.0-M1 a 9.0.60 y 8.5.0 a 8.5.77, que podía causar que las conexiones de los clientes compartieran una instancia de Http11Processor resultando en que las respuestas, o parte de ellas, fueran recibidas por el cliente equivocado • http://www.openwall.com/lists/oss-security/2022/09/28/1 https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3 https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html https://www.debian.org/security/2022/dsa-5265 https://access.redhat.com/security/cve/CVE-2021-43980 https://bugzilla.redhat.com/show_bug.cgi?id=2130599 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 1CVE-2022-34305 – XSS in examples web application
https://notcve.org/view.php?id=CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. En Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M16, 10.0.0-M1 a 10.0.22, 9.0.30 a 9.0.64 y 8.5.50 a 8.5.81, el ejemplo de autenticación de formularios en la aplicación web de ejemplos mostraba los datos proporcionados por el usuario sin filtrar, exponiendo una vulnerabilidad de tipo XSS • https://github.com/zeroc00I/CVE-2022-34305 http://www.openwall.com/lists/oss-security/2022/06/23/1 https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k https://security.gentoo.org/glsa/202208-34 https://security.netapp.com/advisory/ntap-20220729-0006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 20EXPL: 3CVE-2022-29885 – EncryptInterceptor does not provide complete protection on insecure networks
https://notcve.org/view.php?id=CVE-2022-29885
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. La documentación de Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M14, 10.0.0-M1 a 10.0.20, 9.0.13 a 9.0.62 y 8.5.38 a 8.5.78, para el EncryptInterceptor indicaba incorrectamente que permitía que el clustering de Tomcat fuera ejecutado sobre una red no confiable. Esto no es correcto. • https://www.exploit-db.com/exploits/51262 https://github.com/quynhlab/CVE-2022-29885 https://github.com/iveresk/CVE-2022-29885 http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html https://security.netapp.com/advisory/ntap-20220629-0002 https://www.debian.org/security/2022/dsa-5265 https://www.oracle.com/security-alerts/cpujul2022 • CWE-400: Uncontrolled Resource Consumption •