Published: 03/01/2023 Updated: 27/06/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user names and passwords used to access the JMX interface and gain complete control over the Tomcat instance. (CVE-2019-12418) When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. (CVE-2019-17563) A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-13935) The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. (CVE-2021-43980) The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. (CVE-2022-45143) Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. (CVE-2023-24998) When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache tomcat 10.1.0
apache tomcat 10.1.1
apache tomcat
apache tomcat 8.5.83

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine CVE-2022-42252 Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if To ...

Synopsis Low: Red Hat JBoss Web Server 572 release and security update Type/Severity Security Advisory: Low Topic Red Hat JBoss Web Server 572 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Microsoft WindowsRed Hat Product Security has rated this release as having ...

Synopsis Low: Red Hat JBoss Web Server 572 release and security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Web Server 572 on Red Hat Enterprise Linux versions 7, 8, a ...

Synopsis Important: Red Hat support for Spring Boot 2713 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whic ...

Synopsis Critical: Red Hat Fuse 712 release and security update Type/Severity Security Advisory: Critical Topic A minor version update (from 711 to 712) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update as h ...

DescriptionThe MITRE CVE dictionary describes this issue as: The JsonErrorReportValve in Apache Tomcat 8583, 9040 to 9068 and 1010-M1 to 1011 did not escape the type, message or description values In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated ...

A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack The attacker could then capture user names and passwords used to access the JMX interface ...

CWE-116 https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj https://security.gentoo.org/glsa/202305-37 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5381 https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-013.html

CVE-2022-45143

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect