BIT-tomcat-2022-45143

2024-03-0611:09:02

Google

osv.dev

apache tomcat

jsonerrorreportvalve

security issue

user data

json output

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.005 Low

EPSS

Percentile

75.9%

JSON

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

CPENameOperatorVersion
tomcatle10.1.0-milestone6
tomcatge10.1.0-milestone4
tomcatle10.1.0-milestone12
tomcatle10.1.0-milestone2
tomcatle10.1.0-milestone9
tomcatge10.1.0-milestone15
tomcatle10.1.0-milestone7
tomcatle10.1.0-milestone3
tomcatge10.1.0-milestone6
tomcatge8.5.83

Name	Operator	Version
tomcat	le	10.1.0-milestone6
tomcat	ge	10.1.0-milestone4
tomcat	le	10.1.0-milestone12
tomcat	le	10.1.0-milestone2
tomcat	le	10.1.0-milestone9
tomcat	ge	10.1.0-milestone15
tomcat	le	10.1.0-milestone7
tomcat	le	10.1.0-milestone3
tomcat	ge	10.1.0-milestone6
tomcat	ge	8.5.83