CVE-2022-25762

Published: 13/05/2022 Updated: 23/02/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4.7 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently, which could result in data being returned to the wrong use and/or other errors.
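The double-release condition described above, reduced to a minimal model (an added example, not Tomcat's code): the `Wrapper` and `Pool` classes and the `guarded` flag are hypothetical names. It shows how returning one object to a pool twice hands the same instance to two later connections, and how making the release idempotent prevents it.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.concurrent.atomic.AtomicBoolean;

public class PoolDoubleRelease {
    // Hypothetical pooled per-connection object (not a Tomcat class).
    static final class Wrapper {
        final int id;
        final AtomicBoolean pooled = new AtomicBoolean(false);
        Wrapper(int id) { this.id = id; }
    }

    static final class Pool {
        private final Deque<Wrapper> free = new ArrayDeque<>();
        private final boolean guarded;
        private int nextId = 0;
        Pool(boolean guarded) { this.guarded = guarded; }

        synchronized Wrapper acquire() {
            Wrapper w = free.isEmpty() ? new Wrapper(nextId++) : free.pop();
            w.pooled.set(false); // object is checked out again
            return w;
        }

        synchronized void release(Wrapper w) {
            // Guarded pool: only the first release of a checkout succeeds,
            // so a second release from an error path is ignored.
            if (guarded && !w.pooled.compareAndSet(false, true)) {
                return;
            }
            free.push(w);
        }
    }

    // Returns true when two later connections end up holding the same object.
    static boolean sharedAfterDoubleRelease(boolean guarded) {
        Pool pool = new Pool(guarded);
        Wrapper w = pool.acquire();
        pool.release(w); // normal close path
        pool.release(w); // error handling for the send that raced the close
        Wrapper b = pool.acquire(); // next connection
        Wrapper c = pool.acquire(); // connection after that
        return b == c;
    }

    public static void main(String[] args) {
        System.out.println("unguarded pool shares object: " + sharedAfterDoubleRelease(false));
        System.out.println("guarded pool shares object:   " + sharedAfterDoubleRelease(true));
    }
}
```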

Vulnerable Product

apache tomcat

oracle agile plm 9.3.6

Vendor Advisories

A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be placed in the pool twice. This issue results in subsequen ...
Cosminexus Component Container contains the following vulnerabilities: CVE-2021-43980, CVE-2022-25762. Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus Component Container, which is a component product of other Hitachi products. For details about the ...