CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
apachetomcat
8.5.0 ≤
𝑥
< 8.5.76
apachetomcat
9.0.0 ≤
𝑥
< 9.0.21
oracleagile_plm
9.3.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tomcat9
bullseye (security)
9.0.43-2~deb11u10
fixed
bullseye
9.0.43-2~deb11u10
fixed
stretch
ignored
bookworm
9.0.70-2
fixed
sid
9.0.95-1
fixed
trixie
9.0.95-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat8
bionic
needs-triage
xenial
needs-triage
tomcat9
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
focal
not-affected
bionic
needs-triage
Common Weakness Enumeration
References
https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
https://security.netapp.com/advisory/ntap-20220629-0003/
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
https://security.netapp.com/advisory/ntap-20220629-0003/
https://www.oracle.com/security-alerts/cpujul2022.html