Bug 13980

Summary: [CVE 21] lua 9.0.37 CVEs CVE-2022-29885 EXPLOIT https://www.exploit-db.com/download/51262 found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker
Priority: Highest
CC: s.matveev, y.tumanov
Version: All
Flags: y.tumanov: secteam_verified+
Target Milestone: 2021.1 Fresh R12
Hardware: All
OS: Linux
URL: CVE-2022-29885 https://www.exploit-db.com/download/51262
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-10-20 15:39:30 MSK
[CVE 21] lua 9.0.37 CVEs CVE-2022-29885 EXPLOIT https://www.exploit-db.com/download/51262 found 

tomcat	9.0.37	CVE-2022-29885	The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.	7,5	HIGH	5	MEDIUM	CWE-400	CAPEC-147||CAPEC-227||CAPEC-492||		Found	https://nvd.nist.gov/vuln/detail/CVE-2022-29885	https://www.exploit-db.com/download/51262
Comment 1 Svyatoslav Matveev 2023-10-21 23:19:07 MSK
This CVE relates to tomcat, and it has been closed by a patch.
Comment 2 Yury 2023-10-27 17:12:48 MSK
secteam_verified