Untriaged
Permalink
CVE-2022-4132
5.9 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Memory leak on tls connections
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).
References
- https://access.redhat.com/security/cve/CVE-2022-4132 x_refsource_REDHAT vdb-entry
- RHBZ#2147372 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2022-4132 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2147372 issue-tracking x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2022-4132 x_refsource_REDHAT vdb-entry
- RHBZ#2147372 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2022-4132 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2147372 issue-tracking x_refsource_REDHAT x_transferred
Affected products
jss
- ==5.5.0
tomcat
tomcat7
tomcat8
tomcatjss
jws5-tomcat
pki-servlet-engine
pki-deps:10.6/pki-servlet-engine
Matching in nixpkgs
pkgs.tomcat9
Implementation of the Java Servlet and JavaServer Pages technologies
-
nixos-unstable -
- nixpkgs-unstable 9.0.108
pkgs.tomcat10
Implementation of the Java Servlet and JavaServer Pages technologies
-
nixos-unstable -
- nixpkgs-unstable 10.1.44
pkgs.tomcat11
Implementation of the Java Servlet and JavaServer Pages technologies
-
nixos-unstable -
- nixpkgs-unstable 11.0.11
pkgs.tomcat-native
Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc
-
nixos-unstable -
- nixpkgs-unstable 2.0.9
pkgs.tomcat_mysql_jdbc
None
-
nixos-unstable -
- nixpkgs-unstable 9.4.0
pkgs.apachetomcatscanner
Tool to scan for Apache Tomcat server vulnerabilities
-
nixos-unstable -
- nixpkgs-unstable 3.7.2
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@anthonyroussel Anthony Roussel <anthony@roussel.dev>
-
@aanderse Aaron Andersen <aaron@fosslib.net>