Vulnerabilities in Tomcat version (9.0.65) in Docker base image

Issue date: 18-07-2023
Affects versions: 15.2, 15.1, 14.7, 13.4

Security Issue ID

SECURITY-422


Affected Product Version(s)

15.2.1, 15.1.4, 14.7.13, 13.4.22 and previous releases.


Severity

High


Description

CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user-provided data, and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

The container image tomcat:9-jdk11-openjdk-slim uses the vulnerable Tomcat version 9.0.65.
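To make the description concrete, the following added Python example (not part of this advisory and not Tomcat's code) models the two outcomes the CVE text names: error-report values concatenated into JSON text without escaping, beside the same report produced by a JSON encoder that escapes every value, together with a helper that checks a Tomcat version string against exactly the affected ranges listed above. The unescaped builder is a hypothetical model of the flaw, the field values are constructed samples, and the helper knows only the ranges quoted in this description.

```python
import json

# The three fields of the JSON error report. In the real valve they can be
# derived from request data, which is why unescaped output is a problem.
FIELDS = ("type", "message", "description")


def build_report_unescaped(type_, message, description):
    """Hypothetical model of the flaw: values concatenated into JSON text with
    no escaping. This is NOT Tomcat's code; it reproduces the effect the
    advisory describes (output that can be invalidated or manipulated)."""
    return ('{"type":"' + type_ + '","message":"' + message
            + '","description":"' + description + '"}')


def build_report_escaped(type_, message, description):
    """Hardened form: let the JSON encoder escape quotes, backslashes and
    control characters in every value."""
    return json.dumps({"type": type_, "message": message, "description": description})


def parse_report(report):
    """Parse a report; return the object, or None if it is not valid JSON."""
    try:
        return json.loads(report)
    except json.JSONDecodeError:
        return None


def report_is_well_formed(report):
    """True only if the report parses and carries exactly the expected keys.
    A consumer that validates this way notices both broken and manipulated output."""
    obj = parse_report(report)
    return isinstance(obj, dict) and set(obj) == set(FIELDS)


def parse_tomcat_version(version):
    """'9.0.65' -> (9, 0, 65); a milestone suffix such as '10.1.0-M1' is dropped."""
    base = version.split("-", 1)[0]
    return tuple(int(part) for part in base.split("."))


# Affected ranges exactly as the CVE description lists them (inclusive).
AFFECTED_RANGES = (
    ((8, 5, 83), (8, 5, 83)),
    ((9, 0, 40), (9, 0, 68)),
    ((10, 1, 0), (10, 1, 1)),  # 10.1.0-M1 through 10.1.1
)


def tomcat_version_affected(version):
    """True if the given Tomcat version falls inside one of the listed ranges."""
    v = parse_tomcat_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed inputs: one closes the string and adds a key, one leaves a dangling quote.
    injected = 'Not Found","injected":"true'
    dangling = 'Not Found"'
    for desc in (injected, dangling):
        bad = build_report_unescaped("Status report", "Not Found", desc)
        good = build_report_escaped("Status report", "Not Found", desc)
        print("unescaped well-formed:", report_is_well_formed(bad))
        print("escaped   well-formed:", report_is_well_formed(good))
    print("tomcat 9.0.65 affected:", tomcat_version_affected("9.0.65"))
```

The first constructed value yields JSON that still parses but carries an extra key (the "manipulated" case); the second yields text that does not parse at all (the "invalidated" case). With the encoder doing the escaping, both round-trip to exactly the three expected fields with the original strings intact, and the version helper reports 9.0.65, the version in the image named above, as affected.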

Instructions

Customers are recommended to upgrade to the latest version. As of the time of writing, these are 15.2.3, 14.7.14 and 13.4.23.