Overview
- Apache Tomcat has released a security update to address a new vulnerability.
- Personnel responsible for servers running vulnerable versions are advised to update to the latest version from the vendor's website.
Description
- When Apache Tomcat sends a WebSocket message at the same time it is closing the WebSocket connection, the socket may continue to be used after it has been closed, which could allow an attacker to keep using the socket (CVE-2022-25762).
Affected Products and Latest Versions
- Apache Tomcat 8 series: 8.5.0 to 8.5.75 -> 8.5.76 and later
- Apache Tomcat 9 series: 9.0.0.M1 to 9.0.20 -> 9.0.21 and later
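The following script is an added example, not part of the advisory, for checking an inventory of reported Tomcat versions against the affected ranges listed above. The ranges come from the advisory text; the parsing of Tomcat version strings, including milestone suffixes such as `9.0.0.M1`, is this script's own assumption about the release-name format, and the host inventory at the bottom is constructed sample data.

```python
"""
Check whether an Apache Tomcat version string falls inside the ranges the
advisory lists as affected by CVE-2022-25762.

Added example; not from the advisory. Version ranges are taken from the
advisory text; the version-string grammar (major.minor.patch with an
optional ".M<n>" milestone suffix) is an assumption about Tomcat's naming.
"""
import re
from typing import Optional, Tuple

# Affected ranges as stated in the advisory (inclusive), keyed by branch:
# (low, high, first fixed version).
AFFECTED = {
    (8, 5): ("8.5.0", "8.5.75", "8.5.76"),
    (9, 0): ("9.0.0.M1", "9.0.20", "9.0.21"),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.M(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '9.0.0.M1' or '8.5.75' into a comparable tuple.

    Milestone builds (M1, M2, ...) precede the final release of the same
    number, so they get rank 0 plus the milestone number; final releases
    get rank 1. Tuple comparison then orders versions correctly.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version: str) -> Optional[str]:
    """Return the fixed version to upgrade to if `version` is affected, else None.

    Branches the advisory does not list (e.g. 10.x) return None: this
    check only covers what the advisory states.
    """
    v = parse_version(version)
    rng = AFFECTED.get((v[0], v[1]))
    if rng is None:
        return None
    low, high, fixed = rng
    if parse_version(low) <= v <= parse_version(high):
        return fixed
    return None


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> Tomcat version it reports.
    inventory = {
        "app-01": "9.0.0.M1",
        "app-02": "9.0.20",
        "app-03": "9.0.21",
        "app-04": "8.5.75",
        "app-05": "8.5.76",
        "app-06": "10.0.5",
    }
    for host, ver in inventory.items():
        fixed = is_affected(ver)
        status = f"AFFECTED, upgrade to {fixed}" if fixed else "not in affected range"
        print(f"{host}: {ver} -> {status}")
```

The milestone handling matters for the boundary case: `9.0.0.M1` must sort below the final `9.0.0` release so that the lower bound of the 9.x range is honoured, and a plain string comparison would get that wrong.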
References
- https://tomcat.apache.org/security-8.html
- https://tomcat.apache.org/security-9.html
TA Team Comments
-----
CVE-2022-25762 is a vulnerability in the Apache Tomcat server.
It allows a WebSocket connection to persist and continue sending messages after the connection has been closed.
The flaw lies in the application itself; there is no specific attack syntax or request pattern associated with it.
Web application firewalls do not appear to have a signature-based rule for it.
The remedy is to update Apache Tomcat.
-----