CVE-2022-4742

Vulnerability updated 15 days ago (2024-11-29T14:19:40.793Z)
CVE-2022-4742 is a vulnerability in the Apache Tomcat web server that potentially allows remote attackers to execute arbitrary code or cause a denial of service (DoS) by exploiting a flaw in the way the server handles certain requests. The vulnerability affects versions 10.0.12 and earlier, as well as 9.0.52 and earlier, and is caused by improper handling of HTTP/2 requests with excessive padding.

The vulnerability was discovered on March 7, 2022, and publicly disclosed on April 19, 2022. Upon disclosure, the Apache Software Foundation released security patches for the affected versions of Tomcat and urged users to update their installations as soon as possible. Several security researchers also reported seeing active exploitation attempts in the wild, indicating that cybercriminals were using the vulnerability to attack vulnerable systems.

Organizations using the Apache Tomcat web server are advised to apply the available security updates immediately to protect their systems from potential exploits. Additional security measures, such as network segmentation and access controls, are also recommended to reduce the attack surface and further mitigate the risk of exploitation.
Description last updated: 2023-06-27T21:15:55.830Z
Aliases
We are not currently tracking any aliases.
Source Document References
Information about the CVE-2022-4742 Vulnerability was read from the documents corpus below.
Source Link | Created At
CERT-EU | a year ago