GSD-2022-25762
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-25762",
"description": "If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.",
"id": "GSD-2022-25762",
"references": [
"https://www.suse.com/security/cve/CVE-2022-25762.html",
"https://alas.aws.amazon.com/cve/html/CVE-2022-25762.html",
"https://access.redhat.com/errata/RHSA-2020:4847"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-25762"
],
"details": "If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.",
"id": "GSD-2022-25762",
"modified": "2023-12-13T01:19:27.368702Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-25762",
"STATE": "PUBLIC",
"TITLE": "Response mix-up with WebSocket concurrent send and close"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Apache Tomcat 9",
"version_value": "9.0.0.M1 to 9.0.20"
},
{
"version_affected": "=",
"version_name": "Apache Tomcat 8.5",
"version_value": "8.5.0 to 8.5.75"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "high"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220629-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220629-0003/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[8.5.0,8.5.75),[9.0.0,9.0.20)",
"affected_versions": "All versions starting from 8.5.0 before 8.5.75, all versions starting from 9.0.0 before 9.0.20",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-404",
"CWE-937"
],
"date": "2022-05-25",
"description": "If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.",
"fixed_versions": [
"8.5.75",
"9.0.20"
],
"identifier": "CVE-2022-25762",
"identifiers": [
"GHSA-h3ch-5pp2-vh6w",
"CVE-2022-25762"
],
"not_impacted": "All versions before 8.5.0, all versions starting from 8.5.75 before 9.0.0, all versions starting from 9.0.20",
"package_slug": "maven/org.apache.tomcat.embed/tomcat-embed-core",
"pubdate": "2022-05-14",
"solution": "Upgrade to versions 8.5.75, 9.0.20 or above.",
"title": "Improper Resource Shutdown or Release",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-25762",
"https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c",
"https://github.com/advisories/GHSA-h3ch-5pp2-vh6w"
],
"uuid": "871d283c-c110-4de4-ae8e-12f862a25a00"
},
{
"affected_range": "[8.5.0,8.5.76),[9.0.0,9.0.21)",
"affected_versions": "All versions starting from 8.5.0 before 8.5.76, all versions starting from 9.0.0 before 9.0.21",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-404",
"CWE-937"
],
"date": "2023-02-23",
"description": "If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.",
"fixed_versions": [
"8.5.76",
"9.0.21"
],
"identifier": "CVE-2022-25762",
"identifiers": [
"CVE-2022-25762"
],
"not_impacted": "All versions before 8.5.0, all versions starting from 8.5.76 before 9.0.0, all versions starting from 9.0.21",
"package_slug": "maven/org.apache.tomcat/tomcat-catalina",
"pubdate": "2022-05-13",
"solution": "Upgrade to versions 8.5.76, 9.0.21 or above.",
"title": "Improper Resource Shutdown or Release",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-25762",
"https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c"
],
"uuid": "acd23f59-1e09-491a-95fd-e68e0a8a6399"
},
{
"affected_range": "[8.5.0,8.5.75),[9.0.0M1,9.0.20)",
"affected_versions": "All versions starting from 8.5.0 before 8.5.75, all versions starting from 9.0.0m1 before 9.0.20",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-404",
"CWE-937"
],
"date": "2022-05-25",
"description": "If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.",
"fixed_versions": [
"8.5.75",
"9.0.20"
],
"identifier": "CVE-2022-25762",
"identifiers": [
"GHSA-h3ch-5pp2-vh6w",
"CVE-2022-25762"
],
"not_impacted": "All versions before 8.5.0, all versions starting from 8.5.75 before 9.0.0m1, all versions starting from 9.0.20",
"package_slug": "maven/org.apache.tomcat/tomcat",
"pubdate": "2022-05-14",
"solution": "Upgrade to versions 8.5.75, 9.0.20 or above.",
"title": "Improper Resource Shutdown or Release",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-25762",
"https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c",
"https://github.com/advisories/GHSA-h3ch-5pp2-vh6w"
],
"uuid": "bb3d06f6-6de0-4c73-a284-b739a8c43b86"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.21",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.76",
"versionStartIncluding": "8.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-25762"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c",
"refsource": "MISC",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220629-0003/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220629-0003/"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
},
"lastModifiedDate": "2023-02-23T18:09Z",
"publishedDate": "2022-05-13T08:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…