
Apache Tomcat CVE-2022-34305

Description

h3. Issue Summary

This is reproducible on Data Center: yes

* The current versions of Tomcat, 8.5.72 bundled with Jira 8.22 and 9.0.61 bundled with Jira 9, are vulnerable to CVE-2022-34305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305

h3. Steps to Reproduce

# --

h3. Expected Results

--

h3. Actual Results

--

h3. Workaround

Manually updating Tomcat would be a valid workaround; however, checking the Tomcat download link, we can see that the latest available versions are:

- For Tomcat 8, 8.5.81 http://archive.apache.org/dist/tomcat/tomcat-8/
- For Tomcat 9, 9.0.64 http://archive.apache.org/dist/tomcat/tomcat-9/

So, not even Tomcat has released a version that has the fix for this CVE; it looks like this vulnerability is currently undergoing analysis. Opening a ticket to keep track of it on our side.


Affected Software


CPE Name Name Version
jira server and data center 9.0.0
jira server and data center 8.22.4
jira server and data center 9.2.0
