CVE-2022-29885

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29885

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29885.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-29885

Aliases

Related

Published

2022-05-12T08:15:07Z

Modified

2024-09-11T04:53:59.528348Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

References

Affected packages

Debian:11 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.43-2~deb11u4

Affected versions

9.*

9.0.43-1

9.0.43-2~deb11u1

9.0.43-2~deb11u2

9.0.43-2~deb11u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.63-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.63-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/tomcat

Affected ranges

Type: GIT
Repo: https://github.com/apache/tomcat
Events: Last affected

02d546ba3c553c74ff1a99ecc166a6ff9c501ba8

Last affected

02e84c839def0228475fad85d0b19abc2f70b03f

Last affected

049799677ba307378a256621bb1a7b03f597571c

Last affected

0e59fedb28df646930c5aff945159b64d7a52260

Last affected

0f3f1e439a040068b741d77777766722e4420ad6

Last affected

2a10c8d9110d7b1c7f526f3352648c6b19ba2c52

Introduced

4c8b650437e2464c1c31c6598a263b3805b7a81f

Last affected

2a46c651529a9d237b4d6beb1ef846922d949342

Last affected

51d1031c36c0f2b3ee1e0d14b56228a559144153

Introduced

706a395be7c34414d04739de69bde986661976ec

Last affected

85113741042dcce9e9792bdbc3d498172bc31291

Last affected

8778a44d6323c1066237043a89ab2f36696916b1

Last affected

cd53876fefaa370c31466b0f615e9ad026541a27

Last affected

d08498a3cefa7206bad791acf019455794f865ea

Last affected

dc3639dd7123301ced18dbf4ddf2dca93704870d

Last affected

e706972942e2c342e4a37baf5e2596f11e8a0e94

Last affected

f2ab9ac8bc3f40ee9b2cb50b030c99df927f0429

Introduced

4b0b2f6b828d12d150b4de0b64fd6c3849dfcefb

Last affected

f732d3aa5ca55eb07cb73d9ec2b585330f80f00b

Last affected

faa2582152d9dcbcb444700df340e10a85fc375f