Apache Tomcat Vulnerabilities: CVE-2022-29885, CVE-2022-42252 (4369818)

立即与支持人员聊天

反馈已提交

本文是否解决了您的问题？

选择评级

标题

Apache Tomcat Vulnerabilities: CVE-2022-29885, CVE-2022-42252
说明

Two vulnerabilities for Tomcat found in security scan:

Apache Tomcat: Low: Apache Tomcat EncryptInterceptor DoS (CVE-2022-29885) - Vulnerable software installed: Apache Tomcat 9.0.55 ([FMS_HOME]/server/tomcat/lib/catalina.jar)

Apache Tomcat: Low: Apache Tomcat request smuggling (CVE-2022-42252) - Vulnerable software installed: Apache Tomcat 9.0.55 ([FMS_HOME]/server/tomcat/lib/catalina.jar)

What are the effects of these vulnerabilities on Foglight?
原因

https://nvd.nist.gov/vuln/detail/CVE-2022-29885
https://nvd.nist.gov/vuln/detail/CVE-2022-42252
解决办法

CVE-2022-29885 is for the environments using Tomcat clustering. Foglight does not use Tomcat clustering; therefore it is not affected.

CVE-2022-42252 applies if Tomcat is configured to ignore invalid HTTP headers by setting rejectIllegalHeader to false. Foglight has rejectIllegalHeader as true which is the default value in Tomcat 9; therefore, Foglight is not affected.

STATUS

Quest plans to upgrade Apache Tomcat to version 9.0.68 in Foglight 6.3.

反馈已提交

本文是否解决了您的问题？

选择评级

建议的内容

产品：: Foglight for Databases
6.1.0, 6.0.0, 5.9.7; Foglight Evolve
6.1.0, 6.0.0, 9.3, 9.2; Foglight
6.1.0, 6.0.0, 5.9.8, 5.9.7

标题