Lucene search

[email protected]NVD:CVE-2022-34305

HistoryJun 23, 2022 - 11:15 a.m.

CVE-2022-34305

2022-06-2311:15:07

CWE-79

[email protected]

web.nvd.nist.gov

apache tomcat

xss

form authentication

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

44.0%

JSON

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

Affected configurations

Nvd

Node

apachetomcatRange8.5.50–8.5.81

apachetomcatRange9.0.30–9.0.64

apachetomcatRange10.0.0–10.0.22

apachetomcatMatch10.1.0milestone1

apachetomcatMatch10.1.0milestone10

apachetomcatMatch10.1.0milestone11

apachetomcatMatch10.1.0milestone12

apachetomcatMatch10.1.0milestone13

apachetomcatMatch10.1.0milestone14

apachetomcatMatch10.1.0milestone15

apachetomcatMatch10.1.0milestone16

apachetomcatMatch10.1.0milestone2

apachetomcatMatch10.1.0milestone3

apachetomcatMatch10.1.0milestone4

apachetomcatMatch10.1.0milestone5

apachetomcatMatch10.1.0milestone6

apachetomcatMatch10.1.0milestone7

apachetomcatMatch10.1.0milestone8

apachetomcatMatch10.1.0milestone9

VendorProductVersionCPE
apachetomcat*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*
apachetomcat10.1.0cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	*	cpe:2.3:a:apache:tomcat::::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone1::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone10::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone11::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone12::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone13::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone14::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone15::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone16::::::
apache	tomcat	10.1.0	cpe:2.3:a:apache:tomcat:10.1.0:milestone2::::::