OESA-2023-1058

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1058

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1058.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2023-1058

Upstream

CVE-2022-42252

Published

2023-02-03T11:04:50Z

Modified

2025-09-03T06:18:31.574962Z

Summary

tomcat security update

Details

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project

Security Fix(es):

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.(CVE-2022-42252)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / tomcat

Package

Name: tomcat
Purl: pkg:rpm/openEuler/tomcat&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.10-27.oe1

Ecosystem specific

{
    "src": [
        "tomcat-9.0.10-27.oe1.src.rpm"
    ],
    "noarch": [
        "tomcat-help-9.0.10-27.oe1.noarch.rpm",
        "tomcat-9.0.10-27.oe1.noarch.rpm",
        "tomcat-jsvc-9.0.10-27.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / tomcat

Package

Name: tomcat
Purl: pkg:rpm/openEuler/tomcat&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.10-26.oe1

Ecosystem specific

{
    "src": [
        "tomcat-9.0.10-26.oe1.src.rpm"
    ],
    "noarch": [
        "tomcat-help-9.0.10-26.oe1.noarch.rpm",
        "tomcat-jsvc-9.0.10-26.oe1.noarch.rpm",
        "tomcat-9.0.10-26.oe1.noarch.rpm"
    ]
}

openEuler:22.03-LTS / tomcat

Package

Name: tomcat
Purl: pkg:rpm/openEuler/tomcat&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.10-29.oe2203sp1

Ecosystem specific

{
    "src": [
        "tomcat-9.0.10-27.oe2203.src.rpm",
        "tomcat-9.0.10-29.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "tomcat-help-9.0.10-27.oe2203.noarch.rpm",
        "tomcat-jsvc-9.0.10-27.oe2203.noarch.rpm",
        "tomcat-9.0.10-27.oe2203.noarch.rpm",
        "tomcat-jsvc-9.0.10-29.oe2203sp1.noarch.rpm",
        "tomcat-help-9.0.10-29.oe2203sp1.noarch.rpm",
        "tomcat-9.0.10-29.oe2203sp1.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / tomcat

Package

Name: tomcat
Purl: pkg:rpm/openEuler/tomcat&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.10-29.oe2203sp1

Ecosystem specific

{
    "src": [
        "tomcat-9.0.10-29.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "tomcat-jsvc-9.0.10-29.oe2203sp1.noarch.rpm",
        "tomcat-help-9.0.10-29.oe2203sp1.noarch.rpm",
        "tomcat-9.0.10-29.oe2203sp1.noarch.rpm"
    ]
}