• CVE-2022-29885

发布时间: 2022年5月28日

修改时间: 2022年5月28日

概要

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

CVSS v3 指标

NVD openEuler
CVSS评分 7.5 7.5
Attack Vector Network Network
Attack Complexity Low Low
Privileges Required None None
User Interaction None None
Scope Unchanged Unchanged
Confidentiality None None
Integrity None None
Availability High High

安全公告

公告名 概要 发布时间
KylinSec-SA-2022-1488 The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. 2022年5月28日

影响产品

产品 状态
KY3.4-4A tomcat Unaffected
KY3.4-5A tomcat Unaffected
KY3.5.1 tomcat Unaffected