Command Injection

🗓️ 05 Sep 2022 19:23:03Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 27 Views

tomcat6 vulnerable to command injection, improper WebSocket error handlin

Reporter	Title	Published	Views	Family All 82
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	26 Oct 202218:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat, Apache Commons FileUpload and Apache Axis might affect IBM Storage Copy Data Management	22 Mar 202416:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Control Center is affected by vulnerability in Apache Tomcat	7 Nov 202407:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8	18 Oct 202407:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Build is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).	18 Jul 202215:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Release is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).	18 Jul 202215:23	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products	29 Mar 202301:48	–	ibm
ATTACKERKB	CVE-2022-25762	13 May 202208:15	–	attackerkb
Amazon	Important: tomcat8	5 Aug 202200:00	–	amazon
Tenable Nessus	Amazon Linux AMI : tomcat8 (ALAS-2022-1627)	5 Aug 202200:00	–	nessus

Vulners

Node

tomcat6 tomcat6Match6.0.24_111.el6_9

tomcat6 tomcat6Match6.0.24_95.el6

tomcat6 tomcat6Match6.0.24_72.el6_5

tomcat6 tomcat6Match6.0.24_80.el6

tomcat6 tomcat6Match6.0.24_83.el6_6

tomcat6 tomcat6Match6.0.24_49.el6

tomcat6 tomcat6Match6.0.41_19_patch_04.ep6.el6

tomcat6 tomcat6Match6.0.35_33_patch_07.ep6.el6

tomcat6 tomcat6Match6.0.32_35_patch_09.ep5.el6

tomcat6 tomcat6Match6.0.24_98.el6_8

tomcat6 tomcat6Match6.0.32_24_patch_07.ep5.el6

tomcat6 tomcat6Match6.0.41_17_patch_04.ep6.el6

tomcat6 tomcat6Match6.0.32_31_patch_08.ep5.el6

tomcat6 tomcat6Match6.0.24_115.el6_10

tomcat6 tomcat6Match6.0.24_105.el6_8

tomcat6 tomcat6Match6.0.32_14_patch_03.ep5.el6

tomcat6 tomcat6Match6.0.24_15.el6

tomcat6 tomcat6Match6.0.24_78.el6_5

tomcat6 tomcat6Match6.0.24_45.el6

tomcat6 tomcat6Match6.0.37_29_patch_05.ep6.el6

tomcat6 tomcat6Match6.0.35_29_patch_06.ep6.el6

tomcat6 tomcat6Match6.0.24_90.el6

tomcat6 tomcat6Match6.0.24_52.el6_4

tomcat6 tomcat6Match6.0.37_27_patch_04.ep6.el6

tomcat6 tomcat6Match6.0.24_94.el6_7

tomcat6 tomcat6Match6.0.41_10_patch_02.ep6.el6

tomcat6 tomcat6Match6.0.24_64.el6_5

tomcat6 tomcat6Match6.0.37_10_patch_01.ep6.el6

tomcat6 tomcat6Match6.0.24_57.el6_4

tomcat6 tomcat6Match6.0.41_8_patch_02.ep6.el6

tomcat6 tomcat6Match6.0.35_25_patch_01.ep6.el6

tomcat6 tomcat6Match6.0.24_62.el6

tomcat6 tomcat6Match6.0.24_48.el6_3

tomcat6 tomcat6Match6.0.24_35.el6_1

tomcat6 tomcat6Match6.0.24_33.el6

tomcat6 tomcat6Match6.0.41_5_patch_02.ep6.el6

tomcat6 tomcat6Match6.0.24_36.el6_2

tomcat6 tomcat6Match6.0.24_114.el6_10

tomcat6 tomcat6Match6.0.24_55.el6_4

tomcat6 tomcat6Match6.0.35_24_patch_01.ep6.el6

tomcat6 tomcat6Match6.0.24_24.el6_0

tomcat6 tomcat6Match6.0.41_15_patch_04.ep6.el6

Source	Link
access	www.access.redhat.com/errata/RHSA-2020:4847
access	www.access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
tomcat	www.tomcat.apache.org/security-8.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/updates/classification/
github	www.github.com/advisories/GHSA-h3ch-5pp2-vh6w
lists	www.lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
security	www.security.netapp.com/advisory/ntap-20220629-0003/
oracle	www.oracle.com/security-alerts/cpujul2022.html

23 Feb 2023 19:45Current

7.8High risk

Vulners AI Score7.8

CVSS 27.5

CVSS 3.18.6

EPSS0.00646