Upgrade Tomcat to 9.0.68 or later to address CVE-2022-42252

      Although not vulnerable when using the default configurations (rejectIllegalHeader enabled), the latest versions of Confluence are bundled with Tomcat 9.0.65, which is vulnerable to CVE-2022-42252. Crowd version 5.1.0 is using Tomcat version 8.5.79, which is vulnerable to CVE-2022-42252. This request was raised to address this through a Tomcat upgrade, which would avoid vulnerability by misconfiguration in Confluence and Crowd.
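An added example, not part of the issue or of Atlassian's or Apache's code: a local audit that combines the two conditions the description names, the bundled Tomcat version and the `rejectIllegalHeader` connector setting. The sample `server.xml` is constructed, the function names are hypothetical, and only the 9.0.68 threshold from the issue title is encoded; other release lines are reported as unknown.

```python
import re
import xml.etree.ElementTree as ET

# Fixed version taken from the issue title. Other release lines are not
# stated on this page, so they are reported as "unknown" rather than guessed.
FIXED = {(9, 0): (9, 0, 68)}

# Constructed sample server.xml: one connector left at the default, one with
# the protective setting explicitly switched off.
SAMPLE_SERVER_XML = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" protocol="org.apache.coyote.http11.Http11NioProtocol"/>
    <Connector port="8091" protocol="HTTP/1.1" rejectIllegalHeader="false"/>
  </Service>
</Server>"""

def parse_version(text):
    """Extract (major, minor, patch) from strings like 'Apache Tomcat/9.0.65'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) for g in m.groups())

def version_status(text, fixed=FIXED):
    """Return 'fixed', 'affected' or 'unknown' for a Tomcat version string."""
    ver = parse_version(text)
    floor = fixed.get(ver[:2])
    if floor is None:
        return "unknown"
    return "fixed" if ver >= floor else "affected"

def lax_connectors(server_xml):
    """Ports of connectors that set rejectIllegalHeader to anything but true."""
    ports = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        value = conn.get("rejectIllegalHeader")
        # Assumption: an absent attribute means the default, which the issue
        # describes as enabled for Confluence's bundled Tomcat.
        if value is not None and value.strip().lower() != "true":
            ports.append(conn.get("port", "?"))
    return ports

def exposed(version_text, server_xml):
    """True only when an affected version is combined with a lax connector."""
    return version_status(version_text) == "affected" and bool(lax_connectors(server_xml))

if __name__ == "__main__":
    print(version_status("Apache Tomcat/9.0.65"), lax_connectors(SAMPLE_SERVER_XML))
```
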

            [CONFSERVER-81074] Upgrade Tomcat to 9.0.68 or later to address CVE-2022-42252

            Aleksandrs Gumenuks added a comment - CONFSERVER-81074 is addressed in CONFSERVER-82351 as well.

            Aleksandrs Gumenuks added a comment - In the light of CVE-2022-45143, the version 9.0.69 is required: The version of Tomcat installed on the remote host is prior to 9.0.69. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.69_security-9 advisory.

              Assignee: Unassigned
              Reporter: B Cavalcante