UBUNTU-CVE-2022-29885
- Source
- https://ubuntu.com/security/CVE-2022-29885
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-29885.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-29885
- Upstream
- Downstream
- Related
- Published
- 2022-05-12T08:15:00Z
- Modified
- 2026-03-20T06:40:54.207755Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
- References
-
- https://ubuntu.com/security/CVE-2022-29885
- https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
- https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890
- https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
- https://www.cve.org/CVERecord?id=CVE-2022-29885
- https://ubuntu.com/security/notices/USN-6943-1
Affected packages
Ubuntu:16.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.45+dfsg-1ubuntu0.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:20.04:LTS
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.6?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.31-1ubuntu0.6
Affected versions
9.*
9.0.24-1
9.0.27-1
9.0.31-1
9.0.31-1ubuntu0.1
9.0.31-1ubuntu0.2
9.0.31-1ubuntu0.3
9.0.31-1ubuntu0.4
9.0.31-1ubuntu0.5
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.31-1ubuntu0.6"
}
],
"availability": "No subscription required"
}Ubuntu:25.10
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10@10.1.40-1ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat10-embed-java",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "libtomcat10-java",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-admin",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-common",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-docs",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-examples",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-user",
"binary_version": "10.1.40-1ubuntu1"
}
]
}Ubuntu:Pro:14.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.39-1ubuntu0.1+esm2?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.0.37-1
6.0.39-1
6.0.39-1ubuntu0.1
6.0.39-1ubuntu0.1+esm1
6.0.39-1ubuntu0.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet2.4-java",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "libservlet2.5-java",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "libtomcat6-java",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-admin",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-common",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-docs",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-examples",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-extras",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-user",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
}
]
}tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.16+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.42-1
7.0.47-1
7.0.50-1
7.0.52-1
7.0.52-1ubuntu0.1
7.0.52-1ubuntu0.3
7.0.52-1ubuntu0.6
7.0.52-1ubuntu0.7
7.0.52-1ubuntu0.8
7.0.52-1ubuntu0.9
7.0.52-1ubuntu0.10
7.0.52-1ubuntu0.11
7.0.52-1ubuntu0.13
7.0.52-1ubuntu0.14
7.0.52-1ubuntu0.15
7.0.52-1ubuntu0.16
7.0.52-1ubuntu0.16+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet3.0-java",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "libtomcat7-java",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-admin",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-common",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-docs",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-examples",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-user",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
}
]
}Ubuntu:Pro:16.04:LTS
tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.68-1ubuntu0.4+esm3?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.64-1
7.0.68-1
7.0.68-1ubuntu0.1
7.0.68-1ubuntu0.3
7.0.68-1ubuntu0.4
7.0.68-1ubuntu0.4+esm1
7.0.68-1ubuntu0.4+esm2
7.0.68-1ubuntu0.4+esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet3.0-java",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "libtomcat7-java",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-admin",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-common",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-docs",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-examples",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-user",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
}
]
}Ubuntu:Pro:18.04:LTS
tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.78-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.39-1ubuntu1~18.04.3+esm2
Affected versions
8.*
8.5.21-1ubuntu1
8.5.29-1
8.5.30-1
8.5.30-1ubuntu1
8.5.30-1ubuntu1.2
8.5.30-1ubuntu1.3
8.5.30-1ubuntu1.4
8.5.39-1ubuntu1~18.04.1
8.5.39-1ubuntu1~18.04.2
8.5.39-1ubuntu1~18.04.3
8.5.39-1ubuntu1~18.04.3+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat8-embed-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "libtomcat8-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-admin",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-common",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-docs",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-examples",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-user",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.16-3ubuntu0.18.04.2+esm2
Affected versions
9.*
9.0.16-3~18.04.1
9.0.16-3ubuntu0.18.04.1
9.0.16-3ubuntu0.18.04.2
9.0.16-3ubuntu0.18.04.2+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Ubuntu:Pro:22.04:LTS
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.1+esm2?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.58-1ubuntu0.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.58-1ubuntu0.1+esm2"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.58-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.58-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.58-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.58-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.58-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.58-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.58-1ubuntu0.1+esm2"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Ubuntu:Pro:24.04:LTS
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10@10.1.16-1ubuntu0.1~esm3?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
10.*
10.1.10-1
10.1.14-1
10.1.15-1
10.1.16-1
10.1.16-1ubuntu0.1~esm1
10.1.16-1ubuntu0.1~esm2
10.1.16-1ubuntu0.1~esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat10-embed-java",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "libtomcat10-java",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-admin",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-common",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-docs",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-examples",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-user",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
}
]
}