The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html | |
https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv | Mailing List Mitigation Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220629-0002/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5265 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
06 Apr 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Nov 2022, 20:23
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian debian Linux
Debian Oracle Oracle hospitality Cruise Shipboard Property Management System |
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.2.1:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5265 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220629-0002/ - Third Party Advisory |
30 Oct 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Oct 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-400 | |
References |
|
25 Jul 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 May 2022, 18:03
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
First Time |
Apache
Apache tomcat |
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:* |
|
References | (MISC) https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv - Mailing List, Mitigation, Vendor Advisory |
12 May 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-12 08:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29885
Mitre link : CVE-2022-29885
CVE.ORG link : CVE-2022-29885
JSON object : View
Products Affected
debian
- debian_linux
apache
- tomcat
oracle
- hospitality_cruise_shipboard_property_management_system
CWE