CVE-2022-34305
Published on: Not Yet Published
Last Modified on: 10/26/2022 10:49:00 PM UTC
Certain versions of Tomcat from Apache contain the following vulnerability:
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.
- CVE-2022-34305 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: Apache Software Foundation - Apache Tomcat version = 8.5.50 to 8.5.81
- Affected Vendor/Software: Apache Software Foundation - Apache Tomcat version = 9.0.30 to 9.0.64
- Affected Vendor/Software: Apache Software Foundation - Apache Tomcat version = 10.0.0-M1 to 10.0.22
- Affected Vendor/Software: Apache Software Foundation - Apache Tomcat version = 10.1.0-M1 to 10.1.0-M16
CVSS3 Score: 6.1 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
NONE | PARTIAL | NONE |
CVE References
Description | Tags | Link |
---|---|---|
oss-security - CVE-2022-34305: Apache Tomcat: XSS in examples web application | text/html | www.openwall.com |
CVE-2022-34305 Apache Tomcat Vulnerability in NetApp Products - NetApp Product Security | text/html | security.netapp.com |
Apache Tomcat: Multiple Vulnerabilities (GLSA 202208-34) - Gentoo security | text/html | security.gentoo.org |
No Description Provided | text/html | lists.apache.org |
Related QID Numbers
- 150541 Apache Tomcat Cross-Site Scripting (XSS) Vulnerability (CVE-2022-34305)
- 20270 Oracle Database 21c Critical Patch Update - October 2022
- 20271 Oracle Database 19c Critical Patch Update - October 2022
- 20272 Oracle Database 19c Critical OJVM Patch Update - October 2022
- 296084 Oracle Solaris 11.4 Support Repository Update (SRU) 50.126.3 Missing (CPUOCT2022)
- 690921 Free Berkeley Software Distribution (FreeBSD) Security Update for tomcat (e2e7faf9-1b51-11ed-ae46-002b67dfc673)
- 710609 Gentoo Linux Apache Tomcat Multiple Vulnerabilities (GLSA 202208-34)
- 730645 Apache Tomcat Cross-Site Scripting (XSS) in examples web application Vulnerability (CVE-2022-34305)
- 730649 Apache Tomcat Cross-Site Scripting (XSS) in examples web application Vulnerability (CVE-2022-34305)
- 730658 Apache Tomcat Cross-Site Scripting (XSS) in examples web application Vulnerability (CVE-2022-34305)
- 730664 Apache Tomcat Cross-Site Scripting (XSS) in examples web application Vulnerability (CVE-2022-34305)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Apache | Tomcat | 10.1.0 | milestone1 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone10 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone11 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone12 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone13 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone14 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone15 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone16 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone2 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone3 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone4 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone5 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone6 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone7 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone8 | All | All |
Application | Apache | Tomcat | 10.1.0 | milestone9 | All | All |
Application | Apache | Tomcat | All | All | All | All |
- cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE.
Social Mentions
Title | Posted (UTC) |
---|---|
CVE-2022-34305 : In #Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.… twitter.com/i/web/status/1… | 2022-06-23 10:36:36 |
New Vulnerability: CVE-2022-34305 #InceptusSecure #UnderOurProtection | 2022-06-23 12:15:01 |
Tomcat - CVE-2022-34305: lists.apache.org/thread/k04zk0n… | 2022-06-23 13:02:06 |
CVE-2022-34305 | 2022-06-23 11:38:55 |