Upgrade to Apache Tomcat version 9.0.69 or later


      The Docker images of confluence-server are shipped with Tomcat 9.0.65, which is vulnerable to CVE-2022-45143.

       

      Nessus report:

      Apache Tomcat 9.0.40 < 9.0.69

      Description

      The version of Tomcat installed on the remote host is prior to 9.0.69. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.69_security-9 advisory.

      • The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. (CVE-2022-45143)

              Assignee: Unassigned
              Reporter: Gerald Schneider
              Votes: 9
              Watchers: 8

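The missing escaping that the Nessus description refers to, shown as an added illustration that is not part of the original issue and is not Tomcat's code: a generic JSON error body is built with and without escaping, then read back with Python's standard JSON parser to show both the "invalidated" and the "manipulated" outcome. The function names, the field layout and the sample values are assumptions constructed for this example.

```python
import json

# Field names (type, message, description) follow the advisory text quoted above.
# Everything else here is hypothetical and built for illustration.

def error_report_unescaped(type_, message, description):
    """'Before' pattern: values are pasted into the JSON text without escaping."""
    return ('{"type":"%s","message":"%s","description":"%s"}'
            % (type_, message, description))

def error_report_escaped(type_, message, description):
    """Hardened pattern: the serializer escapes quotes, backslashes and control chars."""
    return json.dumps({"type": type_, "message": message, "description": description})

def classify(body, expected):
    """Compare what a JSON client would read with the values the server intended."""
    try:
        parsed = json.loads(body)
    except json.JSONDecodeError:
        return "invalid"          # the output is no longer JSON at all
    return "intact" if parsed == expected else "manipulated"

# Constructed sample values standing in for user-provided data.
SAMPLES = {
    "plain": "Resource not found",
    "quote": 'No handler for "/report"',
    "extra_key": 'x","description":"overridden',
}

def run(builder):
    """Build one error body per sample and report how a client would see it."""
    results = {}
    for name, message in SAMPLES.items():
        expected = {"type": "Status Report", "message": message,
                    "description": "The requested resource is not available"}
        body = builder(expected["type"], expected["message"], expected["description"])
        results[name] = classify(body, expected)
    return results

if __name__ == "__main__":
    print("unescaped:", run(error_report_unescaped))
    print("escaped:  ", run(error_report_escaped))
```

The same `classify` check can be pointed at captured error responses from a test instance to confirm that an upgraded image returns well-formed JSON for inputs containing quotes.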