CVE-2022-23181

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23181

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23181.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23181

Aliases

Related

Published

2022-01-27T13:15:08Z

Modified

2024-09-18T03:12:58.182786Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

References

Affected packages

Debian:11 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.43-2~deb11u4

Affected versions

9.*

9.0.43-1

9.0.43-2~deb11u1

9.0.43-2~deb11u2

9.0.43-2~deb11u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.58-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.58-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/tomcat

Affected ranges

Type: GIT
Repo: https://github.com/apache/tomcat
Events: Last affected

0e59fedb28df646930c5aff945159b64d7a52260

Last affected

0f3f1e439a040068b741d77777766722e4420ad6

Last affected

27f7ef8cd0c637b700d564ec20f6ff92901f6b5c

Last affected

2a10c8d9110d7b1c7f526f3352648c6b19ba2c52

Introduced

e4344b6bd67359e1690312674d83710a793f1d5b

Last affected

3bb5b5fcf02e25ae627e480937e755e0a99c82d7

Last affected

51d1031c36c0f2b3ee1e0d14b56228a559144153

Last affected

6f143d19d151620cd0bfe9ec2ffa429e36ad0e45

Last affected

8778a44d6323c1066237043a89ab2f36696916b1

Last affected

9826be4c8368c94eab1e804b456867ca1cb766c3

Introduced

fc2c65d390444d75412855ad0de8b878018d02dc

Last affected

af2a7a4fb2db07390362af12d0020d550abd8785

Last affected

b3a208c6d6d01c553178c5e718e750b0eb318151

Last affected

b3f5e0d88336d81a61a767fc10ab06930c9587ee

Last affected

c549413165721180b15f62033c1be6c5970028fd

Last affected

cd53876fefaa370c31466b0f615e9ad026541a27

Last affected

e706972942e2c342e4a37baf5e2596f11e8a0e94

Introduced

c8a57e4a2db8e5af314bae48123fb5990da5b7a5

Last affected

e8de8521b0f88b452ac6bd79abad3aad3bcc18b6

Last affected

f2ab9ac8bc3f40ee9b2cb50b030c99df927f0429