SG-1509 CLONE - Reports - Upgrade apache tomcat to 9.0.63 to address vulnerability CVE-2022-29885. - HxGN EAM - Version 12.0 - Hexagon

HxGN EAM Resolved Issues for 2022


SG-1509 CLONE - Reports - Upgrade apache tomcat to 9.0.63 to address vulnerability CVE-2022-29885.

Description

Apache Tomcat versions earlier than 9.0.63 have the following vulnerability.

Low: Apache Tomcat EncryptInterceptor DoS (CVE-2022-29885)

The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

This was fixed with commit eaafd282.

This issue was reported to the Apache Tomcat Security team by 4ra1n on 17 April 2022. The issue was made public on 10 May 2022.

Affects: 9.0.13 to 9.0.62
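
An added example, not part of the original release note or of Hexagon's or Apache's code: a triage check that compares a Tomcat version string against the affected range listed above and looks for the EncryptInterceptor in a server.xml cluster configuration. The function names and the sample server.xml are constructed for illustration; only the 9.0.x range stated on this page is checked.

```python
import re
import xml.etree.ElementTree as ET

# Affected range as stated on this page (9.0.x line only).
AFFECTED_MIN, AFFECTED_MAX = (9, 0, 13), (9, 0, 62)
ENCRYPT_INTERCEPTOR = "org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"

# Constructed sample: a minimal server.xml with clustering and the interceptor.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina"><Engine name="Catalina">
  <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
    <Channel className="org.apache.catalina.tribes.group.GroupChannel">
      <Interceptor className="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"/>
    </Channel>
  </Cluster>
</Engine></Service></Server>"""

def parse_version(server_info):
    """Extract (major, minor, patch) from text such as 'Apache Tomcat/9.0.58'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", server_info)
    if not m:
        raise ValueError(f"no version found in {server_info!r}")
    return tuple(int(part) for part in m.groups())

def uses_encrypt_interceptor(server_xml):
    """True if any <Interceptor> element is the EncryptInterceptor."""
    root = ET.fromstring(server_xml)
    return any(el.get("className") == ENCRYPT_INTERCEPTOR
               for el in root.iter("Interceptor"))

def assess(server_info, server_xml):
    """Summarise exposure to CVE-2022-29885 for one Tomcat instance."""
    version = parse_version(server_info)
    affected = AFFECTED_MIN <= version <= AFFECTED_MAX
    clustered = uses_encrypt_interceptor(server_xml)
    if affected:
        action = "upgrade to 9.0.63 or later"
    else:
        action = "version is outside the range listed on this page"
    if clustered:
        # EncryptInterceptor gives confidentiality and integrity only;
        # it does not make an untrusted network safe against DoS.
        action += "; keep cluster traffic on a trusted network"
    return {"version": version, "affected": affected,
            "encrypt_interceptor": clustered, "action": action}

if __name__ == "__main__":
    print(assess("Apache Tomcat/9.0.58", SAMPLE_SERVER_XML))
```
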