You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by 오현택 <gu...@naver.com> on 2022/05/24 01:56:41 UTC
Asking Apache Tomcat Vulnerabilities(CVE-2022-25762)
hello.
I Ask for CVE-2022-25762 Vulnerabilities.
In the described part, it seems that the vulnerability is determined
depending on whether or not Websocket is used.
Even if you are using an affected version of Tomcat, if you do not use
Websockets, we ask if you are not a target of the vulnerability.
■ using tomcat version
- tomcat 8.5.31
thank you.
Asking Apache Tomcat Vulnerabilities(CVE-2022-25762)
Posted by 오현택 <gu...@naver.com>.
hello.
I Ask for CVE-2022-25762 Vulnerabilities.
In the described part, it seems that the vulnerability is determined
depending on whether or not Websocket is used.
Even if you are using an affected version of Tomcat, if you do not use
Websockets, we ask if you are not a target of the vulnerability.
■ using tomcat version
- tomcat 8.5.31
thank you.
Re: Asking Apache Tomcat Vulnerabilities(CVE-2022-25762)
Posted by Mark Thomas <ma...@apache.org>.
On 24/05/2022 02:56, 오현택 wrote:
> hello.
>
> I Ask for CVE-2022-25762 Vulnerabilities.
>
> In the described part, it seems that the vulnerability is determined
> depending on whether or not Websocket is used.
>
> Even if you are using an affected version of Tomcat, if you do not use
> Websockets, we ask if you are not a target of the vulnerability.
As long as no web application deployed to an Apache Tomcat instance uses
WebSockets then that Tomcat instance will not be affected by CVE-2022-25762.
If any web application deployed to an Apache Tomcat instance uses
WebSockets than all web applications deployed to that Tomcat instance
will be exposed to CVE-2022-25762.
> ■ using tomcat version
> - tomcat 8.5.31
That is quite old. I assume that you have confirmed that you aren't
impacted by any of the other security issues announced since then.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org