Apache Tomcat Vulnerability CVE-2022-23181

Issue date: 21-09-2022
Affects versions: 15.1, 14.7, 13.4

Security Issue ID

SECURITY-304

Affected Product Version(s)

15.1.0, 14.7.8, 13.4.18, and all previous versions

Severity

Medium


Description

CVE-2022-23181

Apache Tomcat versions 8.5.55 through 8.5.73, 9.0.35 through 9.0.56, 10.0.0-M5 through 10.0.14, and 10.1.0-M1 through 10.1.0-M8 are susceptible to a vulnerability which, when successfully exploited, could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
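The affected ranges above mix plain releases with milestone builds (the `-Mn` suffix), and a milestone sorts before the final release of the same number, so a naive string or tuple comparison gets the boundaries wrong. The following checker is an added example written for this page; it is not part of the advisory or of the vendor's tooling. It encodes exactly the ranges quoted above, treats the bounds as inclusive, and assumes that the version line emitted by Tomcat's `bin/version.sh` has the form `Server version: Apache Tomcat/9.0.56` (the sample banner in the block is constructed).

```python
"""Check a Tomcat version string against the CVE-2022-23181 affected ranges.

Added example for this advisory page; not vendor code. The ranges are the
ones quoted in the description above, bounds inclusive.
"""
import re
from typing import Optional, Tuple

# Affected ranges exactly as listed in the advisory (inclusive on both ends).
AFFECTED_RANGES = [
    ("8.5.55", "8.5.73"),
    ("9.0.35", "9.0.56"),
    ("10.0.0-M5", "10.0.14"),
    ("10.1.0-M1", "10.1.0-M8"),
]

# major.minor.patch, optionally followed by a milestone suffix such as -M5.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")

# Assumed banner format of `bin/version.sh`: "Server version: Apache Tomcat/x.y.z".
_BANNER_RE = re.compile(r"Apache Tomcat/(\S+)")


def parse_version(v: str) -> Tuple[int, int, int, int, int]:
    """Turn '9.0.56' or '10.0.0-M5' into a tuple that sorts correctly.

    The fourth element is 1 for a final release and 0 for a milestone, so
    10.0.0-M5 -> (10, 0, 0, 0, 5) sorts before 10.0.0 -> (10, 0, 0, 1, 0).
    """
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {v!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version: str) -> bool:
    """Return True if `version` lies inside any affected range."""
    key = parse_version(version)
    return any(parse_version(low) <= key <= parse_version(high)
               for low, high in AFFECTED_RANGES)


def version_from_banner(line: str) -> Optional[str]:
    """Extract the version from a 'Server version: Apache Tomcat/x.y.z' line."""
    m = _BANNER_RE.search(line)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed sample banner, as version.sh would print it on an affected host.
    sample_banner = "Server version: Apache Tomcat/9.0.56"
    found = version_from_banner(sample_banner)
    print(f"{found}: {'AFFECTED' if found and is_affected(found) else 'not affected'}")
    for v in ("10.0.0-M4", "10.0.0-M5", "10.0.0", "10.1.0-M8", "10.1.0"):
        print(f"{v:>10}: {'AFFECTED' if is_affected(v) else 'not affected'}")
```

Run it against the output of `bin/version.sh` on each host in the estate; the milestone handling is what makes `10.1.0-M8` report as affected while the final `10.1.0` release does not.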

The fix for CVE-2020-9484 introduced a time-of-check, time-of-use (TOCTOU) vulnerability that allowed a local attacker to perform actions with the privileges of the user account the Tomcat process runs as.

The problem has been recognized and patched.

Instructions

Customers are advised to upgrade to the latest version: as of the time of writing, 15.1.1, 14.7.9 or 13.4.19.