Apache Software Foundation Tomcat 10.0.20

CPE Details

2022-05-18 13h04 +00:00
2022-05-19 10h11 +00:00

CPE Name: cpe:2.3:a:apache:tomcat:10.0.20:*:*:*:*:*:*:*

Information

Vendor: apache
Product: tomcat
Version: 10.0.20

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2022-42252 | 2022-11-01 00h00 +00:00 | If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. | 7.5 | High |
| CVE-2022-34305 | 2022-06-23 08h30 +00:00 | In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. | 6.1 | Medium |
| CVE-2022-29885 | 2022-05-11 22h00 +00:00 | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. | 7.5 | High |