Vulnerability details: VCID-gyd5-cdaj-aaae
Vulnerability ID VCID-gyd5-cdaj-aaae
Aliases CVE-2022-29885
GHSA-r84p-88g2-2vx2
Summary Uncontrolled Resource Consumption. The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated that it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over an untrusted network, particularly DoS risks.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
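The advisory's point is that EncryptInterceptor protects the content of cluster traffic, not the availability of the node receiving it, so the practical checks are "is this build in the affected ranges" and "is the cluster Receiver reachable from anything but the trusted segment". The script below is an added example, not code from the Apache Tomcat project or from this advisory. It parses a version string of the kind `catalina.sh version` prints on its "Server number:" line, compares it with the ranges quoted in the summary, and scans a server.xml for a Channel whose Receiver address lies outside loopback or RFC 1918 space while EncryptInterceptor is configured. The sample server.xml, the placeholder encryption key and the TRUSTED_NETWORKS list are constructed assumptions for this example; the element and class names (Cluster, Channel, Receiver, Interceptor, org.apache.catalina.tribes.group.interceptors.EncryptInterceptor) are Tomcat's standard clustering configuration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

ENCRYPT_INTERCEPTOR = "org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"

# Inclusive affected ranges, copied from the advisory text.
AFFECTED_RANGES = [
    ("8.5.38", "8.5.78"),
    ("9.0.13", "9.0.62"),
    ("10.0.0-M1", "10.0.20"),
    ("10.1.0-M1", "10.1.0-M14"),
]

# Assumption for this example: only these networks count as "trusted".
# Adjust to the segment the cluster is actually meant to live on.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7")]

# Accepts 9.0.62, 9.0.62.0 (Server number form) and milestones such as 10.1.0-M14.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?:-M(\d+))?$")


def parse_version(text):
    """Sortable tuple; milestones sort before the GA release of the same x.y.z,
    so 10.1.0-M14 < 10.1.0-M15 < 10.1.0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = match.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected_version(text):
    """True if the version lies inside one of the advisory's affected ranges."""
    version = parse_version(text)
    return any(parse_version(lo) <= version <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def version_from_catalina_output(output):
    """Pull the version out of `catalina.sh version` output ('Server number:  9.0.62.0')."""
    match = re.search(r"Server number:\s*(\S+)", output)
    return match.group(1) if match else None


def address_is_trusted(addr):
    """Only literal addresses inside TRUSTED_NETWORKS pass. Tomcat's default 'auto',
    hostnames and the wildcard 0.0.0.0 cannot be verified and count as untrusted."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not ip.is_unspecified and any(ip in net for net in TRUSTED_NETWORKS)


def audit_cluster_config(server_xml):
    """One finding per Channel whose Receiver may be reachable from an untrusted network."""
    findings = []
    for channel in ET.fromstring(server_xml).iter("Channel"):
        receiver = channel.find("Receiver")
        addr = receiver.get("address", "auto") if receiver is not None else "auto"
        if address_is_trusted(addr):
            continue
        classes = {i.get("className") for i in channel.findall("Interceptor")}
        if ENCRYPT_INTERCEPTOR in classes:
            findings.append(f"Receiver address {addr!r} is not on a trusted network; EncryptInterceptor "
                            "gives confidentiality and integrity but no DoS protection (CVE-2022-29885): "
                            "restrict the cluster network or bind the Receiver to a trusted address")
        else:
            findings.append(f"Receiver address {addr!r} is not on a trusted network and no "
                            "EncryptInterceptor is configured; cluster traffic is unprotected")
    return findings


# Constructed sample server.xml (standard Tomcat clustering layout; the key is a placeholder).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
        <Channel className="org.apache.catalina.tribes.group.GroupChannel">
          <Membership className="org.apache.catalina.tribes.membership.McastService"
                      address="228.0.0.4" port="45564"/>
          <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
                    address="203.0.113.10" port="4000"/>
          <Interceptor className="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"
                       encryptionKey="00112233445566778899aabbccddeeff"/>
          <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
        </Channel>
      </Cluster>
    </Engine>
  </Service>
</Server>
"""

if __name__ == "__main__":
    # Constructed stand-in for `catalina.sh version` output.
    version = version_from_catalina_output("Server version: Apache Tomcat/9.0.62\nServer number:  9.0.62.0\n")
    print(f"Tomcat {version}: {'AFFECTED' if is_affected_version(version) else 'not affected'}")
    for finding in audit_cluster_config(SAMPLE_SERVER_XML):
        print("FINDING:", finding)
```

A clean result from the address check means "nothing obviously wrong", not "trusted network": an RFC 1918 address says nothing about who else is on that segment, which is exactly the distinction the corrected documentation draws. Patching to a fixed release removes the misleading documentation, not the need to keep the cluster off untrusted networks.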
Weaknesses (4)
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json
epss 0.02875 https://api.first.org/data/v1/epss?cve=CVE-2022-29885
epss 0.07019 https://api.first.org/data/v1/epss?cve=CVE-2022-29885
epss 0.53386 https://api.first.org/data/v1/epss?cve=CVE-2022-29885
epss 0.54086 https://api.first.org/data/v1/epss?cve=CVE-2022-29885
epss 0.58812 https://api.first.org/data/v1/epss?cve=CVE-2022-29885
epss 0.66148 https://api.first.org/data/v1/epss?cve=CVE-2022-29885
epss 0.66722 https://api.first.org/data/v1/epss?cve=CVE-2022-29885
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=2093014
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-r84p-88g2-2vx2
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d
generic_textual HIGH https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91
generic_textual HIGH https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890
generic_textual HIGH https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
generic_textual HIGH https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
cvssv3.1 7.5 https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
generic_textual HIGH https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2022-29885
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29885
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29885
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20220629-0002
generic_textual HIGH https://security.netapp.com/advisory/ntap-20220629-0002
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5265
generic_textual HIGH https://www.debian.org/security/2022/dsa-5265
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpujul2022.html
Reference id Reference type URL
http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json
https://api.first.org/data/v1/epss?cve=CVE-2022-29885
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d
https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91
https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890
https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
https://security.netapp.com/advisory/ntap-20220629-0002
https://www.debian.org/security/2022/dsa-5265
https://www.oracle.com/security-alerts/cpujul2022.html
2093014 https://bugzilla.redhat.com/show_bug.cgi?id=2093014
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.2.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVE-2022-29885 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885
CVE-2022-29885 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py
CVE-2022-29885 https://nvd.nist.gov/vuln/detail/CVE-2022-29885
GHSA-r84p-88g2-2vx2 https://github.com/advisories/GHSA-r84p-88g2-2vx2
USN-6943-1 https://usn.ubuntu.com/6943-1/
Data source Exploit-DB
Date added April 5, 2023
Description Apache Tomcat 10.1 - Denial Of Service
Ransomware campaign use Unknown
Source publication date April 5, 2023
Exploit type dos
Platform multiple
Source update date April 5, 2023
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) network, Attack Complexity (AC) high, Privileges Required (PR) none, User Interaction (UI) none, Scope (S) unchanged, Confidentiality Impact (C) none, Integrity Impact (I) none, Availability Impact (A) low; base score 3.7

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29885
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220629-0002
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2022/dsa-5265
Attack Vector (AV) network, Attack Complexity (AC) low, Privileges Required (PR) none, User Interaction (UI) none, Scope (S) unchanged, Confidentiality Impact (C) none, Integrity Impact (I) none, Availability Impact (A) high; base score 7.5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29885
CVSS v2: Access Vector (AV) network, Access Complexity (AC) low, Authentication (Au) none, Confidentiality Impact (C) none, Integrity Impact (I) none, Availability Impact (A) partial; base score 5.0

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.oracle.com/security-alerts/cpujul2022.html
Attack Vector (AV) network, Attack Complexity (AC) low, Privileges Required (PR) none, User Interaction (UI) none, Scope (S) unchanged, Confidentiality Impact (C) none, Integrity Impact (I) high, Availability Impact (A) none; base score 7.5

The 3.7 (Red Hat, SUSE) and 7.5 (NVD and the other sources) CVSS v3.1 scores differ only in Attack Complexity (high versus low) and Availability impact (low versus high). The Oracle vector alone records the impact as Integrity high with Availability none; it yields the same 7.5 base score but does not match the denial-of-service impact described in the summary.

Exploit Prediction Scoring System (EPSS)
Percentile 0.91019
EPSS Score 0.02875
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.