Security Alert (A22-01-22): Vulnerability in Apache Tomcat
27 January 2022
The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. A local attacker could exploit the vulnerability in a Tomcat server that uses FileStore for session persistence by sending a specially crafted request.
Apache Tomcat 10.1.0-M1 to 10.1.0-M8
Apache Tomcat 10.0.0-M5 to 10.0.14
Apache Tomcat 9.0.35 to 9.0.56
Apache Tomcat 8.5.55 to 8.5.73
Successful exploitation of the vulnerability could lead to privilege escalation on an affected system.
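A triage check for the two conditions this alert names, a version inside the listed ranges and FileStore session persistence, as an added example that is not part of the original alert. The function names and the sample context XML are constructed for illustration; the class names are Tomcat's standard `PersistentManager` and `FileStore`.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as listed in this alert (inclusive bounds).
AFFECTED = [
    ("10.1.0-M1", "10.1.0-M8"),
    ("10.0.0-M5", "10.0.14"),
    ("9.0.35", "9.0.56"),
    ("8.5.55", "8.5.73"),
]
FILESTORE = "org.apache.catalina.session.FileStore"

def version_key(version):
    """Sortable key; milestone builds (-Mn) order before the final release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    is_final = 0 if milestone else 1
    return (int(major), int(minor), int(patch), is_final, int(milestone or 0))

def version_affected(version):
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED)

def uses_filestore(context_xml):
    """True if any <Store> element in the context config selects FileStore."""
    root = ET.fromstring(context_xml)  # intended for your own config files
    return any(s.get("className") == FILESTORE for s in root.iter("Store"))

def exposed(version, context_xml):
    """Both conditions from the alert: listed version AND FileStore persistence."""
    return version_affected(version) and uses_filestore(context_xml)

# Constructed sample configurations (not taken from the alert).
WITH_FILESTORE = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""
DEFAULT_MANAGER = "<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>"

if __name__ == "__main__":
    for ver, cfg in [("9.0.56", WITH_FILESTORE), ("9.0.57", WITH_FILESTORE),
                     ("10.0.0-M7", WITH_FILESTORE), ("8.5.73", DEFAULT_MANAGER)]:
        print(ver, "exposed" if exposed(ver, cfg) else "not exposed")
```

A `<Store>` element can appear in any context definition the server loads, so run the check against each context file in the deployment, not only the global one.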
The Apache Software Foundation has released new versions of the product to address the issue, and they can be downloaded at the following URLs: