vulnerability

Debian: CVE-2022-25762: tomcat9 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	05/13/2022	07/30/2024	07/30/2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

05/13/2022

Added

07/30/2024

Modified

07/30/2024

Description

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.

Solution

debian-upgrade-tomcat9

References

CVE-2022-25762
https://attackerkb.com/topics/CVE-2022-25762

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today