Upgrade Tomcat to 9.0.68 or later to address CVE-2022-42252

XMLWordPrintable

    • 105

      Although not vulnerable when using the default configurations (rejectIllegalHeader enabled), the latest versions of Confluence are bundled with Tomcat 9.0.65 which is vulnerable to CVE-2022-42252. Crowd version 5.1.0 is using Tomcat version 8.5.79,  which is vulnerable to CVE-2022-42252. This request was raised to address this through a Tomcat upgrade which would avoid vulnerability by misconfiguration in Confluence and Crowd

            Assignee:
            Unassigned
            Reporter:
            B Cavalcante (Inactive)
            Votes:
            31 Vote for this issue
            Watchers:
            26 Start watching this issue

              Created:
              Updated:
              Resolved: