CVE-2022-23181

Description

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Risk Information

Base Score: 7.0 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.236

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2022-23181,CVE-2020-9484 are fixed in 20 January 2022 Fixed in Apache Tomcat 10.0.16 | Windows
Vulnerabilities CVE-2022-23181,CVE-2020-9484 are fixed in 20 January 2022 Fixed in Apache Tomcat 9.0.58 | Windows
Vulnerabilities CVE-2022-23181,CVE-2020-9484 are fixed in 20 January 2022 Fixed in Apache Tomcat 8.5.75 | Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15 | Windows
Vulnerabilities CVE-2022-25762,CVE-2022-23181 are fixed in Apache - tomcat 8.5.75 | Windows
Vulnerabilities CVE-2022-23181 are fixed in Apache - tomcat 10.0.16 | Windows
Vulnerabilities CVE-2022-23181 are fixed in Apache - tomcat 9.0.58 | Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11 | Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1 | Windows
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) javapackages-filesystem-5.3.1-14.5.1.x86_64.rpm | Linux
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-9.0.36-3.84.1.noarch.rpm | Linux
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-admin-webapps-9.0.36-3.84.1.noarch.rpm | Linux
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-docs-webapp-9.0.36-3.84.1.noarch.rpm | Linux
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-el-3_0-api-9.0.36-3.84.1.noarch.rpm | Linux
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-javadoc-9.0.36-3.84.1.noarch.rpm | Linux
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-jsp-2_3-api-9.0.36-3.84.1.noarch.rpm | Linux
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-lib-9.0.36-3.84.1.noarch.rpm | Linux
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-servlet-4_0-api-9.0.36-3.84.1.noarch.rpm | Linux
SUSE-SU-2022:0784-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-webapps-9.0.36-3.84.1.noarch.rpm | Linux
Vulnerabilities CVE-2022-23181,CVE-2020-9484 are fixed in 20 January 2022 Fixed in Apache Tomcat 10.0.16 (For Linux) | Linux
Vulnerabilities CVE-2022-23181,CVE-2020-9484 are fixed in 20 January 2022 Fixed in Apache Tomcat 9.0.58 (For Linux) | Linux
Vulnerabilities CVE-2022-23181,CVE-2020-9484 are fixed in 20 January 2022 Fixed in Apache Tomcat 8.5.75 (For Linux) | Linux
Servlet and JSP engine (USN-6943-1) libtomcat9-java_9.0.31-1ubuntu0.6_all.deb | Linux
Servlet and JSP engine (USN-6943-1) tomcat9_9.0.31-1ubuntu0.6_all.deb | Linux
Servlet and JSP engine (USN-6943-1) tomcat9-docs_9.0.31-1ubuntu0.6_all.deb | Linux
tomcat9 Security Update (ALAS2023-2023-059) tomcat9-9.0.64-1.amzn2023.0.2.noarch.rpm | Linux
tomcat9 Security Update (ALAS2023-2023-059) tomcat9-admin-webapps-9.0.64-1.amzn2023.0.2.noarch.rpm | Linux
tomcat9 Security Update (ALAS2023-2023-059) tomcat9-docs-webapp-9.0.64-1.amzn2023.0.2.noarch.rpm | Linux
tomcat9 Security Update (ALAS2023-2023-059) tomcat9-el-3.0-api-9.0.64-1.amzn2023.0.2.noarch.rpm | Linux
tomcat9 Security Update (ALAS2023-2023-059) tomcat9-jsp-2.3-api-9.0.64-1.amzn2023.0.2.noarch.rpm | Linux
tomcat9 Security Update (ALAS2023-2023-059) tomcat9-lib-9.0.64-1.amzn2023.0.2.noarch.rpm | Linux
tomcat9 Security Update (ALAS2023-2023-059) tomcat9-servlet-4.0-api-9.0.64-1.amzn2023.0.2.noarch.rpm | Linux
tomcat9 Security Update (ALAS2023-2023-059) tomcat9-webapps-9.0.64-1.amzn2023.0.2.noarch.rpm | Linux
Vulnerabilities CVE-2022-25762,CVE-2022-23181 are fixed in Apache - tomcat for Linux 8.5.75 | Linux
Vulnerabilities CVE-2022-23181 are fixed in Apache - tomcat for Linux 10.0.16 | Linux
Vulnerabilities CVE-2022-23181 are fixed in Apache - tomcat for Linux 9.0.58 | Linux
CVE-2022-23181 | NCM

Patch Details

No records found
