CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.

CVSS v3.0 8.6 HIGH
CVSS v2.0 7.5 HIGH

8.6^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c	Mailing List Vendor Advisory
https://security.netapp.com/advisory/ntap-20220629-0003/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::

Configuration 2 (hide)

cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*

Information

Published : 2022-05-13 01:15

Updated : 2023-02-23 10:09

NVD link : CVE-2022-25762

Mitre link : CVE-2022-25762

JSON object : View

CWE

CWE-404

Improper Resource Shutdown or Release

Advertisement

Products Affected

apache

tomcat

oracle

agile_plm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c", "name": "https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://security.netapp.com/advisory/ntap-20220629-0003/", "name": "https://security.netapp.com/advisory/ntap-20220629-0003/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "name": "N/A", "tags": ["Patch", "Third Party Advisory"], "refsource": "N/A"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-404"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-25762", "ASSIGNER": "security@apache.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}}, "publishedDate": "2022-05-13T08:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.0.21", "versionStartIncluding": "9.0.0"}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.5.76", "versionStartIncluding": "8.5.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-23T18:09Z"}