Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2022-25762

UNKNOWN

Published 2022-05-13T07:50:09

Actions:

No CVSS data available

Description

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Tomcat

Affected Versions:

Apache Tomcat 9 9.0.0.M1 to 9.0.20 Apache Tomcat 8.5 8.5.0 to 8.5.75

References

https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c

https://www.oracle.com/security-alerts/cpujul2022.html

https://security.netapp.com/advisory/ntap-20220629-0003/

Published: 2022-05-13T07:50:09

Last Modified: 2024-08-03T04:49:43.478Z

Copied to clipboard!