Apache Tomcat’s EncryptInterceptor has a padding oracle flaw that, when enabled by default, lets an attacker send crafted ciphertext and learn the plaintext by observing response differences. The vulnerability is rooted in inadequate boundary checks and error handling and is mapped to CWE‑1240, CWE‑209 and CWE‑642. Successful exploitation can expose encrypted configuration values, session data or other confidential information stored by the application.

The flaw affects Apache Tomcat across multiple releases: versions 11.0.0‑M1 through 11.0.18, 10.0.0‑M1 through 10.1.52, 9.0.13 through 9.0.115, 8.5.38 through 8.5.100, and 7.0.100 through 7.0.109. Apache recommends upgrading to 11.0.19, 10.1.53, or 9.0.116 where the patch is incorporated. No specific fix versions are listed for the 8.5.x or 7.x series in the advisory; administrators should check for newer releases or apply a local disable of the interceptor if the feature is not required.

With a CVSS base score of 7.5 the vulnerability is considered high severity, yet the EPSS score is below 1 % indicating a low likelihood of real‑world exploitation so far. It is not present in the CISA KEV catalog. The likely attack vector is remote HTTP access to a Tomcat instance that accepts encrypted parameters; an attacker would need to supply sequences of ciphertext that trigger decryption errors, then analyze the error responses or timing to gradually recover the plaintext.