Apache Tomcat Vulnerability CVE-2022-23181 

Issue date: 21-09-2022
Affects versions: 15.1, 14.7, 13.4

Security Issue ID


Affected Product Version(s)

15.1.0, 14.7.8, 13.4.18, and all previous versions





Apache Tomcat versions 8.5.55 through 8.5.73, 9.0.35 through 9.0.56, 10.0.0-M5 through 10.0.14, and 10.1.0-M1 through 10.1.0-M8 are susceptible to a vulnerability which, when successfully exploited, could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).

The fix for bug CVE-2020-9484 introduced a time-of-check, time-of-use (TOCTOU) vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using.

The problem has been recognized and patched. 


Customers are advised to upgrade to the latest version, which as of the time of writing is 15.1.1, 14.7.9 or 13.4.19.
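
To check whether a given Tomcat build falls inside the affected ranges listed above, the following added example (not part of the original advisory or of any vendor tooling) compares a version string against those ranges, including the milestone (`-M`) builds. It assumes the version is supplied as a string such as `Apache Tomcat/9.0.56` or `10.0.0-M5`; the function names are hypothetical.

```python
import re

# Affected Apache Tomcat ranges (inclusive), copied from the advisory text.
AFFECTED_RANGES = [
    ("8.5.55", "8.5.73"),
    ("9.0.35", "9.0.56"),
    ("10.0.0-M5", "10.0.14"),
    ("10.1.0-M1", "10.1.0-M8"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?")


def version_key(text):
    """Return a sortable key for a Tomcat version string.

    Milestone builds (e.g. 10.0.0-M5) sort before the final release of the
    same number, so the key carries an is_release flag ahead of the
    milestone number.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch, milestone = match.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(text):
    """True if the version in `text` falls inside any advisory range."""
    key = version_key(text)
    return any(version_key(lo) <= key <= version_key(hi)
               for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for sample in ["Apache Tomcat/9.0.56", "9.0.58", "10.0.0-M4",
                   "10.1.0-M8", "8.5.54"]:
        status = "AFFECTED" if is_affected(sample) else "not in affected range"
        print(f"{sample:24} {status}")
```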