A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values.

References

bugzilla.redhat.com/show_bug.cgi?id=2158695

lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj

nvd.nist.gov/vuln/detail/CVE-2022-45143

www.cve.org/CVERecord?id=CVE-2022-45143

nessus 18

prion 1

kaspersky 2

veracode 1

cvelist 1

openvas 5

github 1

atlassian 1

ibm 12

ubuntucve 1

cve 1

tomcat 3

osv 4

f5 1

debiancve 1

redhat 4

photon 2

debian 1

gentoo 1

mageia 1

oracle 2

nessus

Apache Tomcat 10.1.0.M1 < 10.1.2

2023-01-03 00:00:00

Apache Tomcat 9.0.40 < 9.0.69

2023-01-03 00:00:00

Atlassian Confluence 7.13.x / 7.19.1 < 7.19.16 (CONFSERVER-93173)

2023-11-24 00:00:00

prion

Design/Logic Flaw

2023-01-03 19:15:00

kaspersky

KLA20148 ACE vulnerability in Apache Tomcat

2022-11-21 00:00:00

KLA20149 ACE vulnerability in Apache Tomcat

2022-11-14 00:00:00

veracode

Arbitrary Code Injection

2023-01-09 18:49:15

cvelist

CVE-2022-45143 Apache Tomcat: JsonErrorReportValve escaping

2023-01-03 18:12:28

openvas

Apache Tomcat JsonErrorReportValve Injection Vulnerability (Jan 2023) - Windows

2023-01-04 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:1853-1)

2023-04-17 00:00:00

Apache Tomcat JsonErrorReportValve Injection Vulnerability (Jan 2023) - Linux

2023-01-04 00:00:00

github

Apache Tomcat improperly escapes input from JsonErrorReportValve

2023-01-03 21:30:21

atlassian

org.apache.tomcat:tomcat-catalina Vulnerability in Confluence Data Center and Server

2023-11-03 00:45:56

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Apache Tomcat (CVE-2022-45143).

2023-05-03 14:18:38

Security Bulletin: App Connect Professional is affected by JsonErrorReportValve in Apache Tomcat.

2023-02-01 05:59:16

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2022-45143

2023-05-05 14:27:15

ubuntucve

CVE-2022-45143

2023-01-03 00:00:00

cve

CVE-2022-45143

2023-01-03 19:15:00

tomcat

Fixed in Apache Tomcat 10.1.2

2022-11-14 00:00:00

Fixed in Apache Tomcat 8.5.84

2022-11-21 00:00:00

Fixed in Apache Tomcat 9.0.69

2022-11-14 00:00:00

osv

BIT-tomcat-2022-45143

2024-03-06 11:09:02

Apache Tomcat improperly escapes input from JsonErrorReportValve

2023-01-03 21:30:21

CVE-2022-45143

2023-01-03 19:15:10

K000133390 : Apache Tomcat vulnerability CVE-2022-45143

2023-04-18 00:00:00

debiancve

CVE-2022-45143

2023-01-03 19:15:00

redhat

(RHSA-2023:1664) Low: Red Hat JBoss Web Server 5.7.2 release and security update

2023-04-12 12:28:51

(RHSA-2023:1663) Low: Red Hat JBoss Web Server 5.7.2 release and security update

2023-04-12 12:21:17

(RHSA-2023:4612) Important: Red Hat support for Spring Boot 2.7.13 security update

2023-08-16 10:54:20

photon

Important Photon OS Security Update - PHSA-2023-4.0-0314

2023-01-17 00:00:00

Important Photon OS Security Update - PHSA-2023-3.0-0518

2023-01-19 00:00:00

debian

[SECURITY] [DSA 5381-1] tomcat9 security update

2023-04-05 20:07:07

gentoo

Apache Tomcat: Multiple Vulnerabilities

2023-05-30 00:00:00

mageia

Updated tomcat packages fix security vulnerability

2023-04-15 22:03:44

oracle

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for RH:CVE-2022-45143