Apache Tomcat Vulnerability Security Update Advisory | Cloud SECaaS platform AIONCLOUD


Apache Tomcat Vulnerability Security Update Advisory

Overview

- Apache Tomcat has released a security update to address a new vulnerability.

- Administrators of servers running vulnerable versions are advised to update to the latest version available from the vendor's website.

Description

- When Apache Tomcat sends a WebSocket message at the same time it closes the WebSocket connection, an attacker could continue to use the socket after it has been closed (CVE-2022-25762).

Affected Products and Latest Versions

- Apache Tomcat 8.5 branch: 8.5.0 to 8.5.75 -> update to 8.5.76 or later

- Apache Tomcat 9.0 branch: 9.0.0.M1 to 9.0.20 -> update to 9.0.21 or later
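As an added example (not part of the original advisory or of the Tomcat project), the script below encodes the two affected ranges listed above and checks a Tomcat version string against them, so an administrator can quickly triage an inventory of servers. It assumes version strings in the form printed by `catalina.sh version` (for example `Server version: Apache Tomcat/9.0.20`) or a bare version such as `9.0.0.M1`; milestone builds are ordered before the corresponding final release so that `9.0.0.M1` falls inside the 9.0 range. The sample inventory at the bottom is constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Affected ranges and first fixed versions exactly as stated in the advisory
# for CVE-2022-25762: (branch, first affected, last affected, first fixed).
AFFECTED_RANGES = [
    ("8.5", "8.5.0", "8.5.75", "8.5.76"),
    ("9.0", "9.0.0.M1", "9.0.20", "9.0.21"),
]

# Matches "9.0.20", "9.0.0.M1", "Apache Tomcat/8.5.75" or the four-part
# "Server number: 9.0.20.0" form; the lookbehind stops a match starting in
# the middle of a dotted number.
_VERSION_RE = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:\.M(\d+))?(?:\.\d+)?\s*$"
)

# Sentinel that ranks a final release after every milestone of the same number.
_FINAL_RELEASE = 10**6


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Convert a Tomcat version string into a comparable tuple.

    Milestone builds such as 9.0.0.M1 sort before the final 9.0.0 release:
    the fourth element is the milestone number for milestones and a large
    sentinel for final releases.
    """
    m = _VERSION_RE.search(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {text!r}")
    major, minor, patch, milestone = m.groups()
    rank = int(milestone) if milestone is not None else _FINAL_RELEASE
    return (int(major), int(minor), int(patch), rank)


def assess(text: str) -> Optional[str]:
    """Return the version to upgrade to if `text` is an affected build,
    or None if it lies outside every affected range."""
    version = parse_version(text)
    for _branch, first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= version <= parse_version(last):
            return fixed
    return None


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> output of `catalina.sh version`.
    inventory = {
        "app-01": "Server version: Apache Tomcat/9.0.20",
        "app-02": "Server version: Apache Tomcat/9.0.0.M1",
        "app-03": "Server version: Apache Tomcat/9.0.21",
        "legacy-01": "Server version: Apache Tomcat/8.5.75",
        "legacy-02": "Server version: Apache Tomcat/8.5.76",
    }
    for host, banner in inventory.items():
        fixed = assess(banner)
        status = f"AFFECTED, update to {fixed}" if fixed else "not affected"
        print(f"{host}: {banner.split('/')[-1]} -> {status}")
```

The check is only as good as the version string: distribution packages that backport the fix without changing the reported version will be flagged as affected, so confirm against the package changelog in that case.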

References

- https://tomcat.apache.org/security-8.html
- https://tomcat.apache.org/security-9.html

TA Team Comments

-----

CVE-2022-25762 is a vulnerability in the Apache Tomcat server itself.

It allows a WebSocket connection to persist, and messages to be sent over it, after the connection has been closed.

Because the flaw lies in the application's own handling of the socket, there is no specific attack syntax or request pattern associated with it.

Consequently, web application firewalls do not appear to have a signature-based response for it.

The remediation is to update Apache Tomcat to a fixed version.

-----
