CVE-2022-29885

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.2.1:*:*:*:*:*:*:*

History

06 Apr 2023, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html -

08 Nov 2022, 20:23

Type Values Removed Values Added
First Time Debian debian Linux
Debian
Oracle
Oracle hospitality Cruise Shipboard Property Management System
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.2.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5265 - (DEBIAN) https://www.debian.org/security/2022/dsa-5265 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220629-0002/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220629-0002/ - Third Party Advisory

30 Oct 2022, 04:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5265 -

26 Oct 2022, 15:15

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-400
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html -

25 Jul 2022, 18:22

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

29 Jun 2022, 19:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220629-0002/ -

20 May 2022, 18:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE NVD-CWE-noinfo
First Time Apache
Apache tomcat
CPE cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
References (MISC) https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv - (MISC) https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv - Mailing List, Mitigation, Vendor Advisory

12 May 2022, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-12 08:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-29885

Mitre link : CVE-2022-29885

CVE.ORG link : CVE-2022-29885


JSON object : View

Products Affected

apache

  • tomcat

oracle

  • hospitality_cruise_shipboard_property_management_system

debian

  • debian_linux
CWE
CWE-400

Uncontrolled Resource Consumption

NVD-CWE-noinfo