Lucene search
73868399605eBAM-21769HistoryJun 07, 2022 - 6:57 a.m.
Upgrade Tomcat to mitigate CVE-2022-29885
2022-06-0706:57:06
73868399605e
jira.atlassian.com
22
0.03 Low
EPSS
Percentile
90.9%
h3. Issue summary
Apache Tomcat should be upgraded to 8.5.79 or a superior version to fix [CVE-2022-29885|https://nvd.nist.gov/vuln/detail/CVE-2022-29885]
h3. Environment
Bamboo 7, 8
h3. Steps to Reproduce
Check tomcat version on {{pom.xml}} or {{<bamboo-install>/bin/version.sh/bat}}
h3. Expected Results
apache-tomcat 8.5.79+ isย expected
h3. Actual Results
apache-tomcat 8.5.78 (or older) is used
h3. Workaround
At your own risk, you can manually upgrade Tomcat as instructed on this KB:
- [How to upgrade Apache Tomcat version used by Bamboo|https://confluence.atlassian.com/bamkb/how-to-upgrade-apache-tomcat-version-used-by-bamboo-1115656288.html]
{}WARNING{}: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Bamboo running over unofficial Tomcat versions.
Related
ibm
ibm
f5
f5
K47096851 : Apache Tomcat vulnerability CVE-2022-29885
2022-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2022-29885
2022-05-12 00:00:00
osv
osv
CVE-2022-29885
2022-05-12 08:15:07
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
2022-05-13 00:01:12
BIT-tomcat-2022-29885
2024-03-06 11:09:24
nessus
nessus
Apache Tomcat 10.0.0.M1 < 10.0.21
2022-05-10 00:00:00
Apache Tomcat 10.1.0.M1 < 10.1.0.M15
2022-05-10 00:00:00
Apache Tomcat 8.5.38 < 8.5.79
2022-05-10 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 10.0.21
2022-05-06 00:00:00
Fixed in Apache Tomcat 8.5.79
2022-05-23 00:00:00
Fixed in Apache Tomcat 10.1.0-M15
2022-05-16 00:00:00
debiancve
debiancve
CVE-2022-29885
2022-05-12 08:15:00
openvas
openvas
Apache Tomcat EncryptInterceptor DoS Vulnerability (May 2022) - Windows
2022-05-13 00:00:00
Apache Tomcat Clustering DoS Vulnerability (May 2022)
2022-05-13 00:00:00
Debian: Security Advisory (DSA-5265-1)
2022-10-31 00:00:00
zdt
zdt
Apache Tomcat 10.1 - Denial Of Service Exploit
2023-04-05 00:00:00
atlassian
atlassian
veracode
veracode
Denial Of Service (DoS)
2022-05-13 04:14:07
packetstorm
packetstorm
Apache Tomcat 10.1 Denial Of Service
2023-04-06 00:00:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Apache Tomcat
2022-06-30 16:09:25
Exploit for Uncontrolled Resource Consumption in Apache Tomcat
2022-07-01 09:02:10
Exploit for Vulnerability in Apache Tomcat
2022-04-30 02:30:00
kaspersky
kaspersky
KLA12559 DoS vulnerability in Apache Tomcat
2022-05-23 00:00:00
cvelist
cvelist
github
github
prion
prion
Code injection
2022-05-12 08:15:00
cve
cve
CVE-2022-29885
2022-05-12 08:15:00
redhatcve
redhatcve
CVE-2022-29885
2022-06-07 02:29:38
exploitdb
exploitdb
Apache Tomcat 10.1 - Denial Of Service
2023-04-05 00:00:00
amazon
amazon
Important: tomcat8
2022-07-28 20:39:00
debian
debian
[SECURITY] [DLA 3160-1] tomcat9 security update
2022-10-26 12:16:48
[SECURITY] [DSA 5265-1] tomcat9 security update
2022-10-29 22:15:35
mageia
mageia
Updated tomcat packages fix security vulnerability
2023-04-15 22:03:44
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00