Padding oracle vulnerability was discovered in Apache Tomcat’s EncryptInterceptor when it is enabled with default configuration. The flaw allows an attacker who can influence the encrypted data to discover the padding used during decryption, and by sending a sequence of crafted requests can gradually learn the plaintext or determine valid padding. This can expose sensitive information stored in session cookies or other data that the interceptor encrypts, leading to a confidentiality breach. The weakness corresponds to improper handling of cryptographic padding and can be classified under cryptographic failures that enable decryption of protected data.

The issue is present in Apache Tomcat versions from 7.0.100 up to 7.0.109, 8.5.38 to 8.5.100, 9.0.13 to 9.0.115, 10.0.0-M1 to 10.1.52, and 11.0.0-M1 to 11.0.18. Upgrading to Tomcat 11.0.19, 10.1.53, or 9.0.116, or later releases, removes the vulnerability. Only systems running the affected range with the EncryptInterceptor active in its default mode are impacted.

The CVSS score is not provided in the available data, and the EPSS score is unavailable. Because the vulnerability requires only the ability to submit requests to the interceptor, the attack vector is most likely over HTTP or HTTPS, and the attacker does not need privileged access. The lack of publicly available exploitation scripts suggests that active exploitation may be limited, yet the potential for decryption of confidential data makes the risk significant for exposed applications. The vulnerability is not listed in the KEV catalog, but its impact on data confidentiality warrants immediate attention.