[CONFSERVER-82351] Upgrade to Apache Tomcat version 9.0.69 or later

Type: Suggestion
Resolution: Fixed
Fix Version/s: 8.2.0, 8.1.1, 7.13.15, 7.19.7
Component/s: Security
Labels:
None

UIS:
19
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

The Docker images of confluence-server are shipped with Tomcat 9.0.65, which is vulnerable to CVE-2022-45143.

Nessus report:

Apache Tomcat 9.0.40 < 9.0.69

Description

The version of Tomcat installed on the remote host is prior to 9.0.69. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.69_security-9 advisory.

The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. (CVE-2022-45143)

Form Name

Aleksandrs Gumenuks added a comment - 02/Mar/2023 11:58 AM

Actually ~~CONFSERVER-82351~~ solves ~~CONFSERVER-81074~~.

Aleksandrs Gumenuks added a comment - 02/Mar/2023 11:58 AM Actually CONFSERVER-82351 solves CONFSERVER-81074 .

Assignee:: Unassigned

Reporter:: Gerald Schneider

Votes:: 9 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 16/Feb/2023 11:10 AM

Updated:: 13/Apr/2023 2:13 AM

Resolved:: 13/Apr/2023 2:13 AM

Details

Description

Apache Tomcat 9.0.40 < 9.0.69

Description

Attachments

Forms

Activity

Collapse comment: Aleksandrs Gumenuks added a comment - 02/Mar/2023 11:58 AM

Expand comment: Aleksandrs Gumenuks added a comment - 02/Mar/2023 11:58 AM

People

Dates