CVE-2022-45143

Published Jan 3, 2023

Last updated a year ago

CVSS high 7.5

Overview

Description: The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

Weaknesses

security@apache.org: CWE-116
nvd@nist.gov: CWE-116

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24BAD725-BA56-4B40-9BFA-1B6B99348F7D",
            "versionEndExcluding": "9.0.69",
            "versionStartIncluding": "9.0.40"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:8.5.83:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BA74802-4328-4AB7-AE53-7118C3EA5018"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:10.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8FEA1A6-0E39-4099-ABC4-73B921FE5C4F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References