The fix for this issue introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allows a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
To exploit this issue, an attacker must be able to control the user that the Tomcat process is using. Most often, this is done by injecting code into the startup sequence of a web-application that uses the Tomcat server. An attacker would then need to control the code that is run as part of the startup sequence. In some cases, an attacker can attempt to inject code into a configuration file that allows code to be run at startup.
The following versions were fixed in apache tomcat 10.1.0. M1 to 10.1.0. M8, 10.0.0. M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73
Tomcat versions and updated fixes
Apache Tomcat versions and updated fixes:
Tomcat versions fixed:
Apache Tomcat versions and updated fixes:
Tomcat versions fixed:
9.0.35 to 9.0.56
Timeline
Published on: 01/27/2022 13:15:00 UTC
Last modified on: 07/30/2022 02:02:00 UTC