Upgrade Tomcat to 9.0.68 or later to address CVE-2022-42252

XMLWordPrintable

    • 105

      Although not vulnerable when using the default configurations (rejectIllegalHeader enabled), the latest versions of Confluence are bundled with Tomcat 9.0.65 which is vulnerable to CVE-2022-42252. Crowd version 5.1.0 is using Tomcat version 8.5.79,  which is vulnerable to CVE-2022-42252. This request was raised to address this through a Tomcat upgrade which would avoid vulnerability by misconfiguration in Confluence and Crowd

              Assignee:
              Unassigned
              Reporter:
              B Cavalcante (Inactive)
              Votes:
              31 Vote for this issue
              Watchers:
              26 Start watching this issue

                Created:
                Updated:
                Resolved: