UBUNTU-CVE-2022-45143
- Source
- https://ubuntu.com/security/CVE-2022-45143
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-45143.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-45143
- Upstream
- Published
- 2023-01-03T19:15:00Z
- Modified
- 2025-07-16T07:57:00.132879Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
- References
-
- https://ubuntu.com/security/CVE-2022-45143
- https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
- https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf
- https://www.openwall.com/lists/oss-security/2023/01/03/1
- https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
- https://www.cve.org/CVERecord?id=CVE-2022-45143
Affected packages
Ubuntu:Pro:16.04:LTS / tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.0.32-1ubuntu1.13+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.0.26-1
8.0.28-1
8.0.30-1
8.0.32-1
8.0.32-1ubuntu1
8.0.32-1ubuntu1.1
8.0.32-1ubuntu1.2
8.0.32-1ubuntu1.3
8.0.32-1ubuntu1.4
8.0.32-1ubuntu1.5
8.0.32-1ubuntu1.6
8.0.32-1ubuntu1.7
8.0.32-1ubuntu1.8
8.0.32-1ubuntu1.9
8.0.32-1ubuntu1.10
8.0.32-1ubuntu1.11
8.0.32-1ubuntu1.13
8.0.32-1ubuntu1.13+esm1
Ubuntu:Pro:18.04:LTS / tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm5?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.5.21-1ubuntu1
8.5.29-1
8.5.30-1
8.5.30-1ubuntu1
8.5.30-1ubuntu1.2
8.5.30-1ubuntu1.3
8.5.30-1ubuntu1.4
8.5.39-1ubuntu1~18.04.1
8.5.39-1ubuntu1~18.04.2
8.5.39-1ubuntu1~18.04.3
8.5.39-1ubuntu1~18.04.3+esm1
8.5.39-1ubuntu1~18.04.3+esm2
8.5.39-1ubuntu1~18.04.3+esm3
8.5.39-1ubuntu1~18.04.3+esm4
8.5.39-1ubuntu1~18.04.3+esm5
Ubuntu:Pro:18.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm7?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.9+esm2?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2?arch=source&distro=jammy
Ubuntu:24.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.70-1ubuntu1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.70-1ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "9.0.70-1ubuntu1",
"binary_name": "libtomcat9-embed-java"
},
{
"binary_version": "9.0.70-1ubuntu1",
"binary_name": "libtomcat9-java"
},
{
"binary_version": "9.0.70-1ubuntu1",
"binary_name": "tomcat9"
},
{
"binary_version": "9.0.70-1ubuntu1",
"binary_name": "tomcat9-admin"
},
{
"binary_version": "9.0.70-1ubuntu1",
"binary_name": "tomcat9-common"
},
{
"binary_version": "9.0.70-1ubuntu1",
"binary_name": "tomcat9-docs"
},
{
"binary_version": "9.0.70-1ubuntu1",
"binary_name": "tomcat9-examples"
},
{
"binary_version": "9.0.70-1ubuntu1",
"binary_name": "tomcat9-user"
}
]
}