7.5

CVE-2022-29885

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

Data is provided by the National Vulnerability Database (NVD)
ApacheTomcat Version >= 8.5.38 <= 8.5.78
ApacheTomcat Version >= 9.0.13 <= 9.0.62
ApacheTomcat Version >= 10.0.0 <= 10.0.20
ApacheTomcat Version10.1.0 Updatemilestone1
ApacheTomcat Version10.1.0 Updatemilestone10
ApacheTomcat Version10.1.0 Updatemilestone11
ApacheTomcat Version10.1.0 Updatemilestone12
ApacheTomcat Version10.1.0 Updatemilestone13
ApacheTomcat Version10.1.0 Updatemilestone14
ApacheTomcat Version10.1.0 Updatemilestone2
ApacheTomcat Version10.1.0 Updatemilestone3
ApacheTomcat Version10.1.0 Updatemilestone4
ApacheTomcat Version10.1.0 Updatemilestone5
ApacheTomcat Version10.1.0 Updatemilestone6
ApacheTomcat Version10.1.0 Updatemilestone7
ApacheTomcat Version10.1.0 Updatemilestone8
ApacheTomcat Version10.1.0 Updatemilestone9
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 68.72% 0.986
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.