PT-2022-7336 · Apache+5 · Apache Tomcat+5

Published 2022-11-09 · Updated 2026-05-18 · CVE-2022-45143

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 8.5.83, 9.0.40 through 9.0.68, 10.1.0-M1 through 10.1.1

Description

The issue is related to the JsonErrorReportValve in Apache Tomcat, which does not properly escape the type, message, or description values. These values can be constructed from user-provided data, allowing users to supply values that could invalidate or manipulate the JSON output.

Recommendations

For Apache Tomcat versions 8.5.83, 9.0.40 through 9.0.68, and 10.1.0-M1 through 10.1.1, consider upgrading to a version where this issue is fixed, as the exact fixed version is not specified in the provided information. As a temporary workaround, consider restricting user input to prevent manipulation of the JSON output. Restrict access to the JsonErrorReportValve to minimize the risk of exploitation.

Fix

DoS

Special Elements Injection

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

ALT-PU-2023-8058
ALT-PU-2025-2379
ALT-PU-2025-9146
BDU:2024-03597
BIT-TOMCAT-2022-45143
CLEANSTART-2026-AJ47488
CLEANSTART-2026-AM95501
CLEANSTART-2026-CD66042
CLEANSTART-2026-GR86205
CLEANSTART-2026-KB11938
CLEANSTART-2026-MR27796
CLEANSTART-2026-RH10099
CLEANSTART-2026-RK94800
CLEANSTART-2026-SJ80413
CLEANSTART-2026-TN71701
CLEANSTART-2026-UZ56639
CLEANSTART-2026-XI02879
CLEANSTART-2026-XP03839
CLEANSTART-2026-XP58111
CVE-2022-45143
DSA-5381-1
GHSA-RQ2W-37H9-VG94
MGASA-2023-0138
OPENSUSE-SU-2024:12847-1
OPENSUSE-SU-2024:13441-1
RHSA-2023:1663
SUSE-SU-2023:1853-1
SUSE-SU-2023_1853-1

Affected Products

Alt Linux
Apache Tomcat
Astra Linux
Confluence
Red Os
Suse