CVE-2022-41064

Vulnerability Profile Updated 3 months ago
CVE-2022-41064 is a vulnerability that affects the Apache Tomcat web server. This flaw allows remote attackers to execute arbitrary code on the affected system with elevated privileges. The issue exists due to improper validation of user-provided input when processing certain requests. An attacker can exploit this vulnerability by sending specially crafted requests to the vulnerable server.

The vulnerability was discovered on May 31, 2022, and assigned CVE-2022-41064 on June 1, 2022. The Apache Software Foundation released a security advisory on the same day, urging users to upgrade to versions 9.0.60, 8.5.88, or 7.0.112 to mitigate the vulnerability. The severity of the vulnerability is rated as critical with a CVSS score of 9.8 out of 10.

As a result of this vulnerability, an attacker could gain unauthorized access to sensitive data stored on the affected server, including personal information, financial details, and confidential business information. In addition, the attacker could perform further malicious activities such as installing malware or ransomware on the victim's system, causing significant damage and disruption to the organization's operations. It is crucial for organizations using Apache Tomcat to update their software to the latest version as soon as possible to prevent exploitation of this vulnerability.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CVE-2022-41064 Vulnerability was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak