Severity
7.5
High severity
Details
- CVSS score
- 7.5
- CVSS vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE ID
Overview
About vulnerability
Padding Oracle vulnerability in Apache Tomcat’s EncryptInterceptor with default configuration.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.
Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.
Details
- Affected product:
- AlmaLinux 9.2 ESU , Apache CXF , Apache Tomcat , CentOS 7 ELS , Spring , TuxCare 9.6 ESU
- Affected packages:
- Spring Boot (+2678 more)
Padding Oracle vulnerability in Apache Tomcat’s EncryptInterceptor with default configuration.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.
Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.