Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1663: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.2 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.2 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-42252: A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack.
  • CVE-2022-45143: A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values.
Red Hat Security Data
#vulnerability#web#linux#red_hat#apache#nodejs#js#java#kubernetes#aws

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-04-12

Updated:

2023-04-12

RHSA-2023:1663 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: Red Hat JBoss Web Server 5.7.2 release and security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat JBoss Web Server 5.7.2 on Red Hat Enterprise Linux versions 7, 8, and 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Security Fix(es):

  • jws5-tomcat: tomcat: request smuggling (CVE-2022-42252)
  • jws5-tomcat: tomcat: JsonErrorReportValve injection (CVE-2022-45143)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Web Server 5 for RHEL 9 x86_64
  • JBoss Enterprise Web Server 5 for RHEL 8 x86_64
  • JBoss Enterprise Web Server 5 for RHEL 7 x86_64

Fixes

  • BZ - 2141329 - CVE-2022-42252 tomcat: request smuggling
  • BZ - 2158695 - CVE-2022-45143 tomcat: JsonErrorReportValve injection

JBoss Enterprise Web Server 5 for RHEL 9

SRPM

jws5-tomcat-9.0.62-13.redhat_00011.1.el9jws.src.rpm

SHA-256: af6ea4ebfa27a91a0d9809dfa57e7f79a293303ec1f6bcadf1d505cb3e9d10e2

x86_64

jws5-tomcat-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: 93d7a91112924d1d7b09b5bdfe77ce0caa6b9d327a641e1cbb991f4181b62278

jws5-tomcat-admin-webapps-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: 31cfa037ee32f3a634343e999ce15722ae21325cc83b8e9ef7720cf78c8335e2

jws5-tomcat-docs-webapp-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: 1bad87e0c61532b4b1323c9cc589173e6bbc3e5b4f41d218d39a0498b7d68b71

jws5-tomcat-el-3.0-api-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: b4680eb7d6c37537c0598d8606ce6d0e1a1770ffd87600fd7c2f45cfa03e09a9

jws5-tomcat-javadoc-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: 9f6c7c18175df1b584bd3b696a3bc882c6a29db12c2ec5db18fbfb304390125e

jws5-tomcat-jsp-2.3-api-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: 22a46fa5a4b6295e86a8e5ff8d392603f8b2a8b021855d3867f60c9699e33ec7

jws5-tomcat-lib-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: b1bc57967769f7e7bc555628c65e74f6ddd91fd6a4f0451ad72de8cbcbda40fe

jws5-tomcat-selinux-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: 220a470c979f284fe351d45be85dbef4ab9037f1b367542288761e2fd7ab6cfe

jws5-tomcat-servlet-4.0-api-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: 24b15e684f43a0b1e6d352a4da9d3bee43d09f09583f59a1ec7b0d59300e6796

jws5-tomcat-webapps-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

SHA-256: bb0c33b5e165537e988b3738546d3430f84992f305f01cfa1683d568148109cf

JBoss Enterprise Web Server 5 for RHEL 8

SRPM

jws5-tomcat-9.0.62-13.redhat_00011.1.el8jws.src.rpm

SHA-256: 235f67e0379bba69020d3fa10372bbb794705abdc1660135411f13c696f89b3b

x86_64

jws5-tomcat-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: 694df91b6e5381c3b4b963e85503373fc04d549f72de3d9b8acbcacf0efd3b84

jws5-tomcat-admin-webapps-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: 1ae989d68bd97440a7009bf7e388422378779af7d71467a557c89701be5819a2

jws5-tomcat-docs-webapp-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: 56f4b72b3ae08759b41736ad1a951fb7ab34c8c73b51f6d92be8b86961b6258a

jws5-tomcat-el-3.0-api-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: 9cb3659fcde4747451cb22ea73e9fc423f96979a0915d23a45c732b067c1c353

jws5-tomcat-javadoc-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: f6c69d42553bceea796d4adfe77472455ff529e4a957e7aa8401375941c38ccd

jws5-tomcat-jsp-2.3-api-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: 381af12afc3e78367a60931170806a1fd3a160ff80b2438e02b911f3c9fcd6e4

jws5-tomcat-lib-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: 9419355355cee82359f80304c65a4d3a9ccf9440ae3da14a1b164ff5ee5946c1

jws5-tomcat-selinux-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: e1b36fa3f9431d6d2ee32c32a22ad0730af1706f7978e844a26cea84f7088a65

jws5-tomcat-servlet-4.0-api-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: 4ad11f33ff15416659f5bb9f089c00011b0faa1fc13617356e6e70fff4d03089

jws5-tomcat-webapps-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

SHA-256: 059956fe03363220f745455a9773ad6e043a9fc3d652ae606ccc4c7ad4ae8a5a

JBoss Enterprise Web Server 5 for RHEL 7

SRPM

jws5-tomcat-9.0.62-13.redhat_00011.1.el7jws.src.rpm

SHA-256: 36d3d1b59597a76e27ce09097d1d261f95f8b416e7246db18289e9133b3e0138

x86_64

jws5-tomcat-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: 004029f7b3af550f58a72dee937fa332b0651ab9c979286b588232b150d29d4c

jws5-tomcat-admin-webapps-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: 85fef3037f7d50687a753bab47c4d437611b8344a70d29c334aeb221a2b6b8bb

jws5-tomcat-docs-webapp-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: 3eb16d0cf3c8907dede07e4dba3b8da06bddfa800c6827494007ae54634e3e38

jws5-tomcat-el-3.0-api-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: 82ac4da9ef0b784a032329478e1078022d6964d87a704f677aaf110d16b97f9c

jws5-tomcat-java-jdk11-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: bc47d6b2c508d4f8eee7df0de491ff29794964796ca9c1d439b0bfafd5cc82a8

jws5-tomcat-java-jdk8-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: 9c90245959a612c681088652d2f8d1f2032bacddd0f0e3d95955fcf698180489

jws5-tomcat-javadoc-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: eac08b930a10d4ea7cfdfc159bd1d163e5d4067face30894a2b4d9081f90c711

jws5-tomcat-jsp-2.3-api-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: d3d0e745de6b1f38d728aa12b9a9c0573dfa2534e98a617035af7e39c5f623fc

jws5-tomcat-lib-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: 87425180b3b0c5ae7b7e6e77dccca6b31c073ab1b92f7eb8a0ab1895f2cb311e

jws5-tomcat-selinux-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: f3e806e849f68eb61e0d4c1d6e25960bed39ae2a013f42c58f3b2527c3fefa55

jws5-tomcat-servlet-4.0-api-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: 924742c81a1e113c9dfca2df7b2d94d00489c4c3610b905d1100e119a1f14b32

jws5-tomcat-webapps-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

SHA-256: 6b95081e66e23a90b34622bdf9f7cb0cbe114a66510fbc4aa6a36a58aba40370

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Ubuntu Security Notice USN-6880-1

Ubuntu Security Notice 6880-1 - Sam Shahsavar discovered that Apache Tomcat did not properly reject HTTP requests with an invalid Content-Length header. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks.

Red Hat Security Advisory 2023-4612-01

Red Hat Security Advisory 2023-4612-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section. Issues addressed include bypass, code execution, denial of service, and deserialization vulnerabilities.

RHSA-2023:4612: Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.13 security update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-1471: A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malici...

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

Red Hat Security Advisory 2023-3954-01

Red Hat Security Advisory 2023-3954-01 - This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, code execution, denial of service, information leakage, resource exhaustion, server-side request forgery, and traversal vulnerabilities.

RHSA-2023:3954: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2012-5783: It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or su...

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

CVE-2023-28043: DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Red Hat Security Advisory 2023-1663-01

Red Hat Security Advisory 2023-1663-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Red Hat Security Advisory 2023-1663-01

Red Hat Security Advisory 2023-1663-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Red Hat Security Advisory 2023-1664-01

Red Hat Security Advisory 2023-1664-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Red Hat Security Advisory 2023-1664-01

Red Hat Security Advisory 2023-1664-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

RHSA-2023:1664: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.2 release and security update

Red Hat JBoss Web Server 5.7.2 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42252: A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack. * CVE-2022-45143: A fla...

RHSA-2023:1664: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.2 release and security update

Red Hat JBoss Web Server 5.7.2 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42252: A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack. * CVE-2022-45143: A fla...

Debian Security Advisory 5381-1

Debian Linux Security Advisory 5381-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

Debian Security Advisory 5381-1

Debian Linux Security Advisory 5381-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

GHSA-rq2w-37h9-vg94: Apache Tomcat improperly escapes input from JsonErrorReportValve

The `JsonErrorReportValve` in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 does not escape the `type`, `message` or `description` values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

GHSA-p22x-g9px-3945: Apache Tomcat may reject request containing invalid Content-Length header

If Apache Tomcat 8.5.0 to 8.5.52, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

CVE-2022-42252

If Apache Tomcat 8.5.0 to 8.5.52, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

CVE-2016-8735: Apache Tomcat® - Apache Tomcat 9 vulnerabilities

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

CVE-2016-6816: Apache Tomcat® - Apache Tomcat 9 vulnerabilities

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.