{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-45143", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-11-10T15:00:33.203Z", "datePublished": "2023-01-03T18:12:28.351Z", "dateUpdated": "2024-08-03T14:09:56.475Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "10.1.1", "status": "affected", "version": "10.1.0-M1", "versionType": "semver"}, {"lessThanOrEqual": "9.0.68", "status": "affected", "version": "9.0.40", "versionType": "semver"}, {"status": "affected", "version": "8.5.83"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output."}], "value": "The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output."}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-06-27T12:57:14.452Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj"}, {"url": "https://security.gentoo.org/glsa/202305-37"}], "source": {"discovery": "INTERNAL"}, "title": "Apache Tomcat: JsonErrorReportValve escaping", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230216-0009/"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj"}, {"url": "https://security.gentoo.org/glsa/202305-37", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:56.475Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T14:55:21.394332Z", "id": "CVE-2022-45143", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:55:50.547Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230216-0009/"}, {"url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202305-37", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:56.475Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-45143", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T14:55:21.394332Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:55:46.720Z"}}], "cna": {"title": "Apache Tomcat: JsonErrorReportValve escaping", "source": {"discovery": "INTERNAL"}, "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Tomcat", "versions": [{"status": "affected", "version": "10.1.0-M1", "versionType": "semver", "lessThanOrEqual": "10.1.1"}, {"status": "affected", "version": "9.0.40", "versionType": "semver", "lessThanOrEqual": "9.0.68"}, {"status": "affected", "version": "8.5.83"}], "defaultStatus": "affected"}], "references": [{"url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj", "tags": ["vendor-advisory"]}, {"url": "https://security.gentoo.org/glsa/202305-37"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.", "supportingMedia": [{"type": "text/html", "value": "The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-06-27T12:57:14.452Z"}}}, "cveMetadata": {"cveId": "CVE-2022-45143", "state": "PUBLISHED", "dateUpdated": "2024-08-03T14:09:56.475Z", "dateReserved": "2022-11-10T15:00:33.203Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2023-01-03T18:12:28.351Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "24BAD725-BA56-4B40-9BFA-1B6B99348F7D", "versionEndExcluding": "9.0.69", "versionStartIncluding": "9.0.40", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.83:*:*:*:*:*:*:*", "matchCriteriaId": "7BA74802-4328-4AB7-AE53-7118C3EA5018", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*", "matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*", "matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*", "matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*", "matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*", "matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*", "matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*", "matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*", "matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*", "matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*", "matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*", "matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*", "matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*", "matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*", "matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*", "matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*", "matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*", "matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8FEA1A6-0E39-4099-ABC4-73B921FE5C4F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output."}], "id": "CVE-2022-45143", "lastModified": "2023-06-27T13:15:09.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-03T19:15:10.403", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202305-37"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "security@apache.org", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-116"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:3954", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "tomcat", "product_name": "Red Hat Fuse 7.12", "release_date": "2023-06-29T00:00:00Z"}, {"advisory": "RHSA-2023:1664", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7", "package": "jws5-tomcat", "product_name": "Red Hat JBoss Web Server 5", "release_date": "2023-04-12T00:00:00Z"}, {"advisory": "RHSA-2023:1663", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el7", "package": "jws5-tomcat-0:9.0.62-13.redhat_00011.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 7", "release_date": "2023-04-12T00:00:00Z"}, {"advisory": "RHSA-2023:1663", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el8", "package": "jws5-tomcat-0:9.0.62-13.redhat_00011.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 8", "release_date": "2023-04-12T00:00:00Z"}, {"advisory": "RHSA-2023:1663", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el9", "package": "jws5-tomcat-0:9.0.62-13.redhat_00011.1.el9jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 9", "release_date": "2023-04-12T00:00:00Z"}, {"advisory": "RHSA-2023:4612", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "tomcat", "product_name": "Red Hat support for Spring Boot 2.7.13", "release_date": "2023-08-16T00:00:00Z"}], "bugzilla": {"description": "tomcat: JsonErrorReportValve injection", "id": "2158695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158695"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-74", "details": ["The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.", "A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values."], "name": "CVE-2022-45143", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "tomcat6", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "pki-deps:10.6/pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "tomcat7", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Out of support scope", "package_name": "tomcat8", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "tomcat", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2023-01-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-45143\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45143\nhttps://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj"], "statement": "Although it may be rated as CVSS 7.5, it's still considered a low impact flaw as according to the advisory report from Apache, user controlled data may occur in specific cases only and may alter some specific fields only.\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", "threat_severity": "Low", "upstream_fix": "tomcat 10.1.2, tomcat 9.0.69, tomcat 8.5.84"}