Test ID:	1.3.6.1.4.1.25623.1.0.104181
Category:	Web Servers
Title:	Apache Tomcat EncryptInterceptor DoS Vulnerability (May 2022) - Windows
Summary:	Apache Tomcat is prone to a denial of service (DoS); vulnerability.;; This VT has been deprecated and merged into the VT 'Apache Tomcat Clustering DoS Vulnerability (May 2022)'; (OID: 1.3.6.1.4.1.25623.1.0.104180)
Description:	Summary: Apache Tomcat is prone to a denial of service (DoS) vulnerability. This VT has been deprecated and merged into the VT 'Apache Tomcat Clustering DoS Vulnerability (May 2022)' (OID: 1.3.6.1.4.1.25623.1.0.104180) Vulnerability Insight: The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. Affected Software/OS: Apache Tomcat 8.5.38 through 8.5.78, 9.0.13 through 9.0.62, 10.0.0-M1 through 10.0.20 and 10.1.0-M1 to 10.1.0-M14. Solution: Update to version 10.1.0-M15, 10.0.21, 9.0.63, 8.5.79 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-29885 https://security.netapp.com/advisory/ntap-20220629-0002/ Debian Security Information: DSA-5265 (Google Search) https://www.debian.org/security/2022/dsa-5265 http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.