CVSS3: 7.5 High

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | HIGH |
| Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.005 Low (percentile 75.9%)

Low: Apache Tomcat JsonErrorReportValve injection CVE-2022-45143
The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
This was fixed with commit 0cab3a56.
This issue was identified by the Apache Tomcat Security team on 2 September 2022. The issue was made public on 3 January 2023.
Affects: 8.5.83
| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache tomcat | eq | 8.5.83 |