Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-23181

Опубликовано: 27 янв. 2022
Источник: debian
EPSS Низкий

Описание

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tomcat9fixed9.0.58-1package
tomcat8removedpackage
tomcat8postponedstretchpackage

Примечания

  • https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9

  • https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e (9.0.57)

  • https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530 (8.5.74)

  • Issue introduced by the fix for CVE-2020-9484

EPSS

Процентиль: 34%
0.00138
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-23181

CVSS3: 7
ubuntu
больше 3 лет назад

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

redhat логотип

CVE-2022-23181

CVSS3: 7
redhat
больше 3 лет назад

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

nvd логотип

CVE-2022-23181

CVSS3: 7
nvd
больше 3 лет назад

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

suse-cvrf логотип

openSUSE-SU-2022:0818-1

suse-cvrf
больше 3 лет назад

Security update for tomcat

suse-cvrf логотип

SUSE-SU-2022:0818-1

suse-cvrf
больше 3 лет назад

Security update for tomcat

EPSS

Процентиль: 34%
0.00138
Низкий