Apache Software Foundation Tomcat 10.0.19

CPE Details

Apache Software Foundation Tomcat 10.0.19
10.0.19
2022-05-24
10h53 +00:00
2022-05-24
10h55 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:tomcat:10.0.19:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

tomcat

Version

10.0.19

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-42252 2022-11-01 00h00 +00:00 If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
7.5
Haute
CVE-2022-34305 2022-06-23 08h30 +00:00 In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
6.1
Moyen
CVE-2022-29885 2022-05-11 22h00 +00:00 The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
7.5
Haute