CVE-2022-4742

Vulnerability Profile Updated 3 months ago
CVE-2022-4742 is a vulnerability in the Apache Tomcat web server that potentially allows remote attackers to execute arbitrary code or cause a denial of service (DoS) by exploiting a flaw in the way the server handles certain requests. The vulnerability affects versions 10.0.12 and earlier, as well as 9.0.52 and earlier, and is caused by improper handling of HTTP/2 requests with excessive padding.

The vulnerability was discovered on March 7, 2022, and publicly disclosed on April 19, 2022. Upon disclosure, the Apache Software Foundation released security patches for the affected versions of Tomcat, urging users to update their installations as soon as possible. Additionally, several security researchers reported seeing active exploitation attempts of this vulnerability in the wild, indicating that it was being used by cybercriminals to launch attacks against vulnerable systems.

Organizations using the Apache Tomcat web server are advised to apply the available security updates immediately to protect their systems from potential exploits. It is also recommended to implement additional security measures, such as network segmentation and access controls, to reduce the attack surface and further mitigate the risk of exploitation.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CVE-2022-4742 vulnerability was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | a year ago | Multiple vulnerabilities in Red Hat Integration - Service Registry |