UBUNTU-CVE-2022-45143
- Source
- https://ubuntu.com/security/CVE-2022-45143
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-45143.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-45143
- Upstream
- Published
- 2023-01-03T19:15:00Z
- Modified
- 2026-04-27T17:29:20.201581Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
- References
-
- https://ubuntu.com/security/CVE-2022-45143
- https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
- https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf
- https://www.openwall.com/lists/oss-security/2023/01/03/1
- https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
- https://www.cve.org/CVERecord?id=CVE-2022-45143
Affected packages
Ubuntu:16.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.45+dfsg-1ubuntu0.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10@10.1.40-1ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "libtomcat10-embed-java"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "libtomcat10-java"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-admin"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-common"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-docs"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-examples"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-user"
}
]
}Ubuntu:26.04
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10@10.1.40-1ubuntu1?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "libtomcat10-embed-java"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "libtomcat10-java"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-admin"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-common"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-docs"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-examples"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-user"
}
]
}Ubuntu:Pro:14.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.39-1ubuntu0.1+esm2?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.0.37-1
6.0.39-1
6.0.39-1ubuntu0.1
6.0.39-1ubuntu0.1+esm1
6.0.39-1ubuntu0.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "libservlet2.4-java"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "libservlet2.5-java"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "libtomcat6-java"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-admin"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-common"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-docs"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-examples"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-extras"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-user"
}
]
}tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.16+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.42-1
7.0.47-1
7.0.50-1
7.0.52-1
7.0.52-1ubuntu0.1
7.0.52-1ubuntu0.3
7.0.52-1ubuntu0.6
7.0.52-1ubuntu0.7
7.0.52-1ubuntu0.8
7.0.52-1ubuntu0.9
7.0.52-1ubuntu0.10
7.0.52-1ubuntu0.11
7.0.52-1ubuntu0.13
7.0.52-1ubuntu0.14
7.0.52-1ubuntu0.15
7.0.52-1ubuntu0.16
7.0.52-1ubuntu0.16+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "libservlet3.0-java"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "libtomcat7-java"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-admin"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-common"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-docs"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-examples"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-user"
}
]
}Ubuntu:Pro:16.04:LTS
tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.68-1ubuntu0.4+esm3?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.64-1
7.0.68-1
7.0.68-1ubuntu0.1
7.0.68-1ubuntu0.3
7.0.68-1ubuntu0.4
7.0.68-1ubuntu0.4+esm1
7.0.68-1ubuntu0.4+esm2
7.0.68-1ubuntu0.4+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "libservlet3.0-java"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "libtomcat7-java"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-admin"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-common"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-docs"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-examples"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-user"
}
]
}Ubuntu:Pro:18.04:LTS
tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.78-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:22.04:LTS
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2+esm3?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.43-3
9.0.54-1
9.0.55-1
9.0.58-1
9.0.58-1ubuntu0.1
9.0.58-1ubuntu0.1+esm1
9.0.58-1ubuntu0.1+esm2
9.0.58-1ubuntu0.1+esm3
9.0.58-1ubuntu0.1+esm4
9.0.58-1ubuntu0.2
9.0.58-1ubuntu0.2+esm1
9.0.58-1ubuntu0.2+esm2
9.0.58-1ubuntu0.2+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "libtomcat9-embed-java"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "libtomcat9-java"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-admin"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-common"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-docs"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-examples"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-user"
}
]
}Ubuntu:Pro:24.04:LTS
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10@10.1.16-1ubuntu0.1~esm3?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
10.*
10.1.10-1
10.1.14-1
10.1.15-1
10.1.16-1
10.1.16-1ubuntu0.1~esm1
10.1.16-1ubuntu0.1~esm2
10.1.16-1ubuntu0.1~esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "libtomcat10-embed-java"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "libtomcat10-java"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-admin"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-common"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-docs"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-examples"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-user"
}
]
}