UBUNTU-CVE-2022-23181
- Source
- https://ubuntu.com/security/CVE-2022-23181
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23181.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-23181
- Upstream
- Downstream
- Related
- Published
- 2022-01-27T13:15:00Z
- Modified
- 2025-07-18T16:49:16Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
- References
-
- https://ubuntu.com/security/CVE-2022-23181
- https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
- https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e
- https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530
- https://www.cve.org/CVERecord?id=CVE-2022-23181
- https://ubuntu.com/security/notices/USN-6943-1
Affected packages
Ubuntu:Pro:16.04:LTS / tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.0.32-1ubuntu1.13+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0.32-1ubuntu1.13+esm1
Affected versions
8.*
8.0.26-1
8.0.28-1
8.0.30-1
8.0.32-1
8.0.32-1ubuntu1
8.0.32-1ubuntu1.1
8.0.32-1ubuntu1.2
8.0.32-1ubuntu1.3
8.0.32-1ubuntu1.4
8.0.32-1ubuntu1.5
8.0.32-1ubuntu1.6
8.0.32-1ubuntu1.7
8.0.32-1ubuntu1.8
8.0.32-1ubuntu1.9
8.0.32-1ubuntu1.10
8.0.32-1ubuntu1.11
8.0.32-1ubuntu1.13
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet3.1-java",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "libservlet3.1-java-doc",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "libtomcat8-java",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-admin",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-common",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-docs",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-examples",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-user",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:Pro:18.04:LTS / tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.39-1ubuntu1~18.04.3+esm2
Affected versions
8.*
8.5.21-1ubuntu1
8.5.29-1
8.5.30-1
8.5.30-1ubuntu1
8.5.30-1ubuntu1.2
8.5.30-1ubuntu1.3
8.5.30-1ubuntu1.4
8.5.39-1ubuntu1~18.04.1
8.5.39-1ubuntu1~18.04.2
8.5.39-1ubuntu1~18.04.3
8.5.39-1ubuntu1~18.04.3+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat8-embed-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "libtomcat8-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-admin",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-common",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-docs",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-examples",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
},
{
"binary_name": "tomcat8-user",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm2"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:Pro:18.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.16-3ubuntu0.18.04.2+esm2
Affected versions
9.*
9.0.16-3~18.04.1
9.0.16-3ubuntu0.18.04.1
9.0.16-3ubuntu0.18.04.2
9.0.16-3ubuntu0.18.04.2+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm2"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:20.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.6?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.31-1ubuntu0.6
Affected versions
9.*
9.0.24-1
9.0.27-1
9.0.31-1
9.0.31-1ubuntu0.1
9.0.31-1ubuntu0.2
9.0.31-1ubuntu0.3
9.0.31-1ubuntu0.4
9.0.31-1ubuntu0.5
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.31-1ubuntu0.6"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.31-1ubuntu0.6"
}
],
"availability": "No subscription required"
}