Apache Tomcat advisory, ID TOMCAT:165051AC2BE10A9500B7745CB9AB7C4F
Published: May 16, 2022

Fixed in Apache Tomcat 9.0.63

Source: Apache Tomcat (tomcat.apache.org)
Tags: apache tomcat, encryptinterceptor, dos, cve-2022-29885, confidentiality, integrity, untrusted network

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.5
Confidence: High

EPSS: 0.029
Percentile: 90.8%

Low: Apache Tomcat EncryptInterceptor DoS CVE-2022-29885

The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

This was fixed with commit eaafd282.

This issue was reported to the Apache Tomcat Security team by 4ra1n on 17 April 2022. The issue was made public on 10 May 2022.

Affects: 9.0.13 to 9.0.62

Affected configurations

Node (Vulners): apache tomcat, range 9.0.13 OR apache tomcat, range 9.0.62

Vendor: apache
Product: tomcat
Version: *
CPE: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
