EUVD-2022-5668

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Apache Tomcat versions flawed in processing passwords, risking timing attacks on user names.

Reporter	Title	Published	Views	Family All 148
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.	15 Jun 201823:17	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE's	16 Jun 201821:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Apache Tomcat vulnerabilities affect IBM SONAS.	18 Jun 201800:32	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)	17 Jun 201815:39	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762)	23 Sep 202101:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.	15 Jun 201823:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816)	15 Jun 201823:17	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "489a35eb-2e87-3e6f-a6af-3eb52dd48bb7",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "119a0572-d81a-3594-8282-d816c283fb5c",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "9.0.0.M1 to 9.0.0.M9"
      },
      {
        "id": "56193c95-45f2-3f7a-be2a-d05ef1fac9f8",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "7.0.0 to 7.0.70"
      },
      {
        "id": "b66919d7-d6df-3ebe-bbd4-4b76def6c47c",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "8.0.0.RC1 to 8.0.36"
      },
      {
        "id": "da845ab9-73bc-3b2f-b5b7-330465acecb8",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "6.0.0 to 6.0.45"
      },
      {
        "id": "fe63097c-7bb3-3efa-b7b1-18c1c42a2776",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "8.5.0 to 8.5.4"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-0762
github	www.github.com/apache/tomcat/commit/86b2e436099cb48f30dad950175c5beeeb763756
github	www.github.com/apache/tomcat/commit/970e615c7ade6ec6c341470bbc76aa1256353737
github	www.github.com/apache/tomcat/commit/d79c63d424fe6b225678416343b9ce106dec947c
github	www.github.com/apache/tomcat80/commit/dc4c3317452f0bc2c5e1f6a08d3bd9f22488b450
access	www.access.redhat.com/errata/RHSA-2017:0455
lists	www.lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

03 Oct 2025 20:07Current

7.1High risk

Vulners AI Score7.1

CVSS 3.15.9

CVSS 24.3

EPSS0.00503