Lucene search

[email protected]NVD:CVE-2022-29885

HistoryMay 12, 2022 - 8:15 a.m.

CVE-2022-29885

2022-05-1208:15:07

CWE-400

[email protected]

web.nvd.nist.gov

apache tomcat

encryptinterceptor

documentation issue

untrusted network

dos risks

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.029

Percentile

90.8%

JSON

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

Affected configurations

Nvd

Node

apachetomcatRange8.5.38–8.5.78

apachetomcatRange9.0.13–9.0.62

apachetomcatRange10.0.0–10.0.20

apachetomcatMatch10.1.0milestone1

apachetomcatMatch10.1.0milestone10

apachetomcatMatch10.1.0milestone11

apachetomcatMatch10.1.0milestone12

apachetomcatMatch10.1.0milestone13

apachetomcatMatch10.1.0milestone14

apachetomcatMatch10.1.0milestone2

apachetomcatMatch10.1.0milestone3

apachetomcatMatch10.1.0milestone4

apachetomcatMatch10.1.0milestone5

apachetomcatMatch10.1.0milestone6

apachetomcatMatch10.1.0milestone7

apachetomcatMatch10.1.0milestone8

apachetomcatMatch10.1.0milestone9

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

oraclehospitality_cruise_shipboard_property_management_systemMatch20.2.1

VendorProductVersionCPE
apachetomcat*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	*	cpe:2.3:a:apache:tomcat::::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone1::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone10::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone11::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone12::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone13::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone14::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone2::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone3::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone4::::::