ID

VAR-202201-0559


CVE

CVE-2022-23181


TITLE

Apache Tomcat permissions permission and access control issue vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-08354

DESCRIPTION

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. Apache Tomcat is a lightweight web application server of the American Apache (Apache) Foundation. The program implements support for Servlet and JavaServer Page (JSP). Apache Tomcat has permission permissions and access control issues. An attacker can bypass Apache Tomcat's restrictions through FileStore Sessions to escalate his permissions. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure 1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller 1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system 1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure 1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c 1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence) 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression 1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy 1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness 1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive 1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive 1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive 1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive 2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2 2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure 2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS 2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file 2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2046279 - CVE-2022-22932 karaf: path traversal flaws 2046282 - CVE-2021-41766 karaf: insecure java deserialization 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability 2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting 2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS 2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes 2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096) 2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file 2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression 2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures 2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability 2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified 2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31 2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part 2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket 2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher 2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor 2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization 5. The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Web Server 5.7.0 release and security update Advisory ID: RHSA-2022:7272-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2022:7272 Issue date: 2022-11-02 CVE Names: CVE-2022-23181 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Web Server 5.7 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 5.7 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.7 for RHEL 8 - noarch, x86_64 Red Hat JBoss Web Server 5.7 for RHEL 9 - noarch, x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.0 serves as a replacement for Red Hat JBoss Web Server 5.6.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * tomcat: local privilege escalation vulnerability (CVE-2022-23181) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability 6. Package List: Red Hat JBoss Web Server 5.7 for RHEL 7 Server: Source: jws5-ecj-4.20.0-1.redhat_00002.1.el7jws.src.rpm jws5-tomcat-9.0.62-9.redhat_00005.1.el7jws.src.rpm jws5-tomcat-native-1.2.31-10.redhat_10.el7jws.src.rpm noarch: jws5-ecj-4.20.0-1.redhat_00002.1.el7jws.noarch.rpm jws5-tomcat-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-java-jdk11-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-java-jdk8-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.62-9.redhat_00005.1.el7jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.31-10.redhat_10.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-10.redhat_10.el7jws.x86_64.rpm Red Hat JBoss Web Server 5.7 for RHEL 8: Source: jws5-ecj-4.20.0-1.redhat_00002.1.el8jws.src.rpm jws5-tomcat-9.0.62-9.redhat_00005.1.el8jws.src.rpm jws5-tomcat-native-1.2.31-10.redhat_10.el8jws.src.rpm noarch: jws5-ecj-4.20.0-1.redhat_00002.1.el8jws.noarch.rpm jws5-tomcat-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.62-9.redhat_00005.1.el8jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.31-10.redhat_10.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-10.redhat_10.el8jws.x86_64.rpm Red Hat JBoss Web Server 5.7 for RHEL 9: Source: jws5-1-8.el9jws.src.rpm jws5-ecj-4.20.0-1.redhat_00002.1.el9jws.src.rpm jws5-javapackages-tools-3.4.1-5.15.11.el9jws.src.rpm jws5-jboss-logging-3.4.1-1.Final_redhat_00001.1.el9jws.src.rpm jws5-mod_cluster-1.4.3-2.Final_redhat_00002.1.el9jws.src.rpm jws5-tomcat-9.0.62-9.redhat_00005.1.el9jws.src.rpm jws5-tomcat-native-1.2.31-10.redhat_10.el9jws.src.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el9jws.src.rpm noarch: jws5-ecj-4.20.0-1.redhat_00002.1.el9jws.noarch.rpm jws5-javapackages-tools-3.4.1-5.15.11.el9jws.noarch.rpm jws5-jboss-logging-3.4.1-1.Final_redhat_00001.1.el9jws.noarch.rpm jws5-mod_cluster-1.4.3-2.Final_redhat_00002.1.el9jws.noarch.rpm jws5-mod_cluster-tomcat-1.4.3-2.Final_redhat_00002.1.el9jws.noarch.rpm jws5-python-javapackages-3.4.1-5.15.11.el9jws.noarch.rpm jws5-tomcat-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm jws5-tomcat-lib-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm jws5-tomcat-selinux-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el9jws.noarch.rpm jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el9jws.noarch.rpm jws5-tomcat-webapps-9.0.62-9.redhat_00005.1.el9jws.noarch.rpm x86_64: jws5-1-8.el9jws.x86_64.rpm jws5-runtime-1-8.el9jws.x86_64.rpm jws5-tomcat-native-1.2.31-10.redhat_10.el9jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-10.redhat_10.el9jws.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23181 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2JoxdzjgjWX9erEAQgBthAAoenDKKMVhg3cftJvIZ+HbMcReE/vRlif NSofyo787+9uOGOL4sCaveMdiBtiw06bzcLsd44STR7ug41vETKbJa3k87b1HY5S jGzYvFk2fHKkb+9HnMs3UNCFi9TV361IA4hkV4yTtgGxtUKhd5hdrEq4cR0c3BMo 9pJi7+F4MKuChzUwWcJD8nnrGckwk6/I7QXUDVZisCwy2PIUKvhVMlJf6ojXXKIv TgIAKeo890DmRQRr8D5Plc1h7MYAr+YFSaTftrifE1wanBiIF0NHiVcWO845LaMc bwSKsF0dcx7BOzs7huxkK870M1KnYrdSLFgYQtSz8Az119vrQCukfGfuF+2LfxxT jNwzZ7VJa8Coci5v0Lez+U/b4r5WqtUkHheUqrYvC0PP37Swucj3MhRk657KvSsS u3NyhlnIZmWJOel4B2KSCmIvGSj8irAmAOAWCFhSFaRZFDGfRQ+D3k/sb1kIWtQB VGheaUXm11sOqvl+T2ecinUvddC05sRvvcSY0iXEyupFvpOUsG3DpYQI6c0ffGc6 QTnMdWLMCxRSSe3g21hJ4QTzYMi6oSa+2KLho8GlJe0d1PXR3bS128/2h4/R5bmJ 18XF/i/tC7/9OtZfkoTNkZh6AmjI/tH0qj6XlsU2B3sTd8rBJ0Ry3twhhdUKBIdT PmiEP6NSVY8=R1gB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. CVE-2021-43980 The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. CVE-2022-29885 The documentation of Apache Tomcat for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. For the stable distribution (bullseye), these problems have been fixed in version 9.0.43-2~deb11u4. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdoYJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRLxxAAzz/exjL7ERlJfqqvv1ofnRRmmJYtqaofzV8Ewb/xrFIQM8ZXohWLF9a0 s0monZtUm+eQEKM3nYl1nXPI4l/shKnvo9yU17gcxqBgzBeYqsX9hqDm2Ie0raS7 n22rwO4fHcQJ7vhSx2oYNL++YbEYQFEZgz+ZfiOLStHc2pIq2fxi4+jXuXHMUwuS KuCOYF8VLBjY87T7BT168GtKi02sIQzbXgAQSAGU6WsOvV4DLjagn/g+b1lK8F5u xO6rU2iM6pR73Ei2H2pb1B39BGhjorub7L2GQfiIMKf3bD7M+jflCnGq3n/xsUrO 6PkaSCaN4DEip9V+3DBJ4TcOj0x/LzHMHimDoZ/CLI5qoPq5KWS4L7AKXM876+v5 HIIzDH5B5INTeSEoVDkgKVx2fy8ZbaeDV+cmFTjXb+pmFpxxEuPGRYJg3Mv8PsqZ qPUqyrTKx8treIfXNJhJL00omDAX1T75H38BMNv56BbAHcBfszyFHHzr9uPo0+Fc tLYanZlx48IfCLXhOl2VcyE5up1snJmtMG1S2wFfl4btVfApGSAzAxSeYau+EGTu poFmm/5atf68cKEyGIuPFeNk97mqIp55gDi5lks/Cs7wW/EJndzFd/g5LwXb1HO1 E30OhC79DT0Jlwpw3+VhS475K3XzGOhnk4x6DA1a/NtAzzaz7dg= =U52K -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6943-1 August 01, 2024 tomcat8, tomcat9 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Tomcat. Software Description: - tomcat9: Servlet and JSP engine - tomcat8: Servlet and JSP engine Details: It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2020-9484) It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-25122) Thomas Wozenilek discovered that Tomcat incorrectly handled certain TLS packets. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-41079) Trung Pham discovered that a race condition existed in Tomcat when handling session files with FileStore. A remote attacker could possibly use this issue to execute arbitrary code. This issue affected tomcat8 for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS (CVE-2022-23181) It was discovered that Tomcat's documentation incorrectly stated that EncryptInterceptor provided availability protection when running over an untrusted network. A remote attacker could possibly use this issue to cause a denial of service even if EncryptInterceptor was being used. This issue affected tomcat8 for Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS (CVE-2022-29885) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS tomcat9-docs 9.0.58-1ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS libtomcat9-java 9.0.31-1ubuntu0.6 tomcat9 9.0.31-1ubuntu0.6 tomcat9-docs 9.0.31-1ubuntu0.6 Ubuntu 18.04 LTS libtomcat8-java 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro libtomcat9-java 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro tomcat8 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro tomcat8-docs 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro tomcat9 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro tomcat9-docs 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS libtomcat8-java 8.0.32-1ubuntu1.13+esm1 Available with Ubuntu Pro tomcat8 8.0.32-1ubuntu1.13+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes

Trust: 2.07

sources: NVD: CVE-2022-23181 // CNVD: CNVD-2022-08354 // VULMON: CVE-2022-23181 // PACKETSTORM: 167841 // PACKETSTORM: 169694 // PACKETSTORM: 169697 // PACKETSTORM: 170859 // PACKETSTORM: 169603 // PACKETSTORM: 179893

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-08354

AFFECTED PRODUCTS

vendor:apachemodel:tomcatscope:lteversion:9.0.56

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.2.0

Trust: 1.0

vendor:oraclemodel:mysql enterprise monitorscope:lteversion:8.0.29

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:8.5.55

Trust: 1.0

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.2.1.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.3.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:10.0.0

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:10.1.0

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:8.5.73

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:10.0.1

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:9.0.35

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:10.0.14

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:8.5.55,<=8.5.73

Trust: 0.6

vendor:apachemodel:tomcatscope:gteversion:9.0.35,<=9.0.56

Trust: 0.6

sources: CNVD: CNVD-2022-08354 // NVD: CVE-2022-23181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23181
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-08354
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202201-2423
value: HIGH

Trust: 0.6

VULMON: CVE-2022-23181
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-23181
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-08354
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-23181
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-08354 // VULMON: CVE-2022-23181 // CNNVD: CNNVD-202201-2423 // NVD: CVE-2022-23181

PROBLEMTYPE DATA

problemtype:CWE-367

Trust: 1.0

sources: NVD: CVE-2022-23181

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-2423

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202201-2423

PATCH

title:Patch for Apache Tomcat permissions permission and access control issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/317661

Trust: 0.6

title:Apache Tomcat Fixes for permissions and access control issues vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=180352

Trust: 0.6

title:Red Hat: Moderate: Red Hat JBoss Web Server 5.7.0 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227272 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1572url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1572

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Web Server 5.7.0 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227273 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2022-23181url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-23181

Trust: 0.1

title:Debian Security Advisories: DSA-5265-1 tomcat9 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5ff46eee51fe9c568d7579825e9f7646

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-044url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-044

Trust: 0.1

title:Amazon Linux 2022: ALAS-2022-233url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS-2022-233

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.11.0 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225532 - Security Advisory

Trust: 0.1

title: - url:https://github.com/pen4uin/awesome-vulnerability-research

Trust: 0.1

title: - url:https://github.com/pen4uin/vulnerability-research

Trust: 0.1

title: - url:https://github.com/pen4uin/vulnerability-research-list

Trust: 0.1

sources: CNVD: CNVD-2022-08354 // VULMON: CVE-2022-23181 // CNNVD: CNNVD-202201-2423

EXTERNAL IDS

db:NVDid:CVE-2022-23181

Trust: 2.9

db:PACKETSTORMid:169697

Trust: 0.7

db:PACKETSTORMid:169603

Trust: 0.7

db:CNVDid:CNVD-2022-08354

Trust: 0.6

db:AUSCERTid:ESB-2022.1107

Trust: 0.6

db:AUSCERTid:ESB-2022.5535

Trust: 0.6

db:AUSCERTid:ESB-2022.5458

Trust: 0.6

db:AUSCERTid:ESB-2022.0730

Trust: 0.6

db:AUSCERTid:ESB-2023.0665

Trust: 0.6

db:AUSCERTid:ESB-2022.0993

Trust: 0.6

db:CS-HELPid:SB2022042257

Trust: 0.6

db:CS-HELPid:SB2022030854

Trust: 0.6

db:CS-HELPid:SB2022041951

Trust: 0.6

db:CS-HELPid:SB2022042119

Trust: 0.6

db:CS-HELPid:SB2022012708

Trust: 0.6

db:CS-HELPid:SB2022072013

Trust: 0.6

db:CNNVDid:CNNVD-202201-2423

Trust: 0.6

db:VULMONid:CVE-2022-23181

Trust: 0.1

db:PACKETSTORMid:167841

Trust: 0.1

db:PACKETSTORMid:169694

Trust: 0.1

db:PACKETSTORMid:170859

Trust: 0.1

db:PACKETSTORMid:179893

Trust: 0.1

sources: CNVD: CNVD-2022-08354 // VULMON: CVE-2022-23181 // PACKETSTORM: 167841 // PACKETSTORM: 169694 // PACKETSTORM: 169697 // PACKETSTORM: 170859 // PACKETSTORM: 169603 // PACKETSTORM: 179893 // CNNVD: CNNVD-202201-2423 // NVD: CVE-2022-23181

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23181

Trust: 1.7

url:https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20220217-0010/

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

Trust: 1.7

url:https://www.debian.org/security/2022/dsa-5265

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2022-23181

Trust: 1.0

url:https://www.auscert.org.au/bulletins/esb-2022.0730

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0993

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072013

Trust: 0.6

url:https://packetstormsecurity.com/files/169697/red-hat-security-advisory-2022-7272-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042257

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012708

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0665

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042119

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041951

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-tomcat-privilege-escalation-via-filestore-sessions-37391

Trust: 0.6

url:https://packetstormsecurity.com/files/169603/debian-security-advisory-5265-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5458

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5535

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030854

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1107

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2022:7272

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-25122

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9484

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-29885

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/367.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2022-1572.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22970

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.11.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35517

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22932

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22978

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15250

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36090

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42550

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35515

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22696

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22696

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7273

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0272

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.7/html/release_notes_for_spring_boot_2.7/index

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=catrhoar.spring.boot&version=2.7.2.sp1

Trust: 0.1

url:https://security-tracker.debian.org/tracker/tomcat9

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43980

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6943-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41079

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.6

Trust: 0.1

sources: CNVD: CNVD-2022-08354 // VULMON: CVE-2022-23181 // PACKETSTORM: 167841 // PACKETSTORM: 169694 // PACKETSTORM: 169697 // PACKETSTORM: 170859 // PACKETSTORM: 169603 // PACKETSTORM: 179893 // CNNVD: CNNVD-202201-2423 // NVD: CVE-2022-23181

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 167841 // PACKETSTORM: 169694 // PACKETSTORM: 169697 // PACKETSTORM: 170859

SOURCES

db:CNVDid:CNVD-2022-08354
db:VULMONid:CVE-2022-23181
db:PACKETSTORMid:167841
db:PACKETSTORMid:169694
db:PACKETSTORMid:169697
db:PACKETSTORMid:170859
db:PACKETSTORMid:169603
db:PACKETSTORMid:179893
db:CNNVDid:CNNVD-202201-2423
db:NVDid:CVE-2022-23181

LAST UPDATE DATE

2024-11-23T19:42:58.520000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-08354date:2022-02-05T00:00:00
db:VULMONid:CVE-2022-23181date:2022-11-07T00:00:00
db:CNNVDid:CNNVD-202201-2423date:2023-02-07T00:00:00
db:NVDid:CVE-2022-23181date:2024-11-21T06:48:08.640

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-08354date:2022-02-05T00:00:00
db:VULMONid:CVE-2022-23181date:2022-01-27T00:00:00
db:PACKETSTORMid:167841date:2022-07-27T17:27:19
db:PACKETSTORMid:169694date:2022-11-02T15:01:08
db:PACKETSTORMid:169697date:2022-11-02T15:01:44
db:PACKETSTORMid:170859date:2023-02-07T16:32:55
db:PACKETSTORMid:169603date:2022-10-31T15:02:10
db:PACKETSTORMid:179893date:2024-08-02T16:04:27
db:CNNVDid:CNNVD-202201-2423date:2022-01-26T00:00:00
db:NVDid:CVE-2022-23181date:2022-01-27T13:15:08.060