Main Vulnerability Database Vulnerabilities #VU63225

#VU63225 Data Handling in Apache Tomcat - CVE-2022-29885

Published: May 16, 2022 / Updated: October 25, 2024

Vulnerability identifier: #VU63225

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2022-29885

CWE-ID: CWE-19

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Apache Tomcat

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to perform DoS attack.

The vulnerability exists due to an error in documentation for the EncryptInterceptor, which incorrectly stated that it enabled Tomcat clustering to run over an untrusted network. A remote attacker can perform a denial of service attack against the exposed EncryptInterceptor.

Remediation

Install updates from vendor's website.

External links

https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.79
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.63
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.21

#VU63225 Data Handling in Apache Tomcat - CVE-2022-29885

Description

Remediation

External links

Please verify you're human