CVE-2022-34305
N/A
N/A
Summary
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat | Apache Tomcat 8.5 8.5.50 to 8.5.81 | affected |
| Apache Software Foundation | Apache Tomcat | Apache Tomcat 9 9.0.30 to 9.0.64 | affected |
| Apache Software Foundation | Apache Tomcat | Apache Tomcat 10.0 10.0.0-M1 to 10.0.22 | affected |
| Apache Software Foundation | Apache Tomcat | Apache Tomcat 10.1 10.1.0-M1 to 10.1.0-M16 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
- http://www.openwall.com/lists/oss-security/2022/06/23/1
- https://security.netapp.com/advisory/ntap-20220729-0006/
- https://security.gentoo.org/glsa/202208-34
References
- https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
- http://www.openwall.com/lists/oss-security/2022/06/23/1
- https://security.netapp.com/advisory/ntap-20220729-0006/
- https://security.gentoo.org/glsa/202208-34
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.