Test ID:	1.3.6.1.4.1.25623.1.0.117944
Category:	Web Servers
Title:	Apache Tomcat Local Privilege Escalation Vulnerability (Jan 2022) - Linux
Summary:	Apache Tomcat is prone to a local privilege escalation; vulnerability.
Description:	Summary: Apache Tomcat is prone to a local privilege escalation vulnerability. Vulnerability Insight: The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. Affected Software/OS: Apache Tomcat 8.5.55 through 8.5.73, 9.0.35 through 9.0.56, 10.0.0-M5 through 10.0.14 and 10.1.0-M1 through 10.1.0-M8. Solution: Update to version 8.5.75, 9.0.58, 10.0.16, 10.1.0-M10 or later. Note: This issue was fixed in Apache Tomcat 10.1.0-M9, 10.0.15, 9.0.57 and 8.5.74 but the release vote for those release candidates did not pass. Therefore, although users must download 10.1.0-M10, 10.0.16, 9.0.58 or 8.5.75 to obtain a version that includes a fix for this issue, versions 10.1.0-M9, 10.0.15, 9.0.57 and 8.5.74 are not included in the list of affected versions. CVSS Score: 3.7 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-23181 https://security.netapp.com/advisory/ntap-20220217-0010/ Debian Security Information: DSA-5265 (Google Search) https://www.debian.org/security/2022/dsa-5265 https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.