Important: tomcat8

🗓️ 05 Aug 2022 00:00:00Reported by AmazonType

Flaw in tomcat8 WebSocket handling may lead to data leakage and application stability issues (CVE-2022-25762, CVE-2022-29885

Reporter	Title	Published	Views	Family All 198
0day.today	Apache Tomcat 10.1 - Denial Of Service Exploit	5 Apr 202300:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	26 Oct 202218:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat, Apache Commons FileUpload and Apache Axis might affect IBM Storage Copy Data Management	22 Mar 202416:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Build is vulnerable to denial of service due to use of Apache Tomcat (CVE-2022-29885).	18 Jul 202215:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Control Center is affected by vulnerability in Apache Tomcat	7 Nov 202407:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8	18 Oct 202407:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Build is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).	18 Jul 202215:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Release is vulnerable to a denial of service due to use of Apache Tomcat CVE-2022-29885	18 Jul 202215:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Release is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).	18 Jul 202215:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge is vulnerable to a denial of service due to use of Apache Tomcat server (CVE-2022-29885).	21 Jul 202205:17	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	1	any	tomcat8	8.5.81-1.91.amzn1	tomcat8-8.5.81-1.91.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-admin-webapps	8.5.81-1.91.amzn1	tomcat8-admin-webapps-8.5.81-1.91.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-docs-webapp	8.5.81-1.91.amzn1	tomcat8-docs-webapp-8.5.81-1.91.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-el-3.0-api	8.5.81-1.91.amzn1	tomcat8-el-3.0-api-8.5.81-1.91.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-javadoc	8.5.81-1.91.amzn1	tomcat8-javadoc-8.5.81-1.91.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-jsp-2.3-api	8.5.81-1.91.amzn1	tomcat8-jsp-2.3-api-8.5.81-1.91.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-lib	8.5.81-1.91.amzn1	tomcat8-lib-8.5.81-1.91.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-log4j	8.5.81-1.91.amzn1	tomcat8-log4j-8.5.81-1.91.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-servlet-3.1-api	8.5.81-1.91.amzn1	tomcat8-servlet-3.1-api-8.5.81-1.91.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-webapps	8.5.81-1.91.amzn1	tomcat8-webapps-8.5.81-1.91.amzn1.noarch.rpm

05 Aug 2022 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 27.5

CVSS 3.18.6

EPSS0.55532