Bug 1199516 - (CVE-2022-25762) VUL-0: CVE-2022-25762: tomcat,tomcat6: request mixup
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Abid Mehmood
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/331745/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-25762:5.3:(AV:...
Depends on:
Blocks:
Reported: 2022-05-13 10:25 UTC by Thomas Leroy
Modified: 2022-05-13 12:40 UTC
CC List: 1 user

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Thomas Leroy 2022-05-13 10:25:05 UTC
rh#2085304

If a web application sends a WebSocket message concurrently with the WebSocket connection closing, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently, which could result in data being returned to the wrong user and/or other errors.

Upstream fix:
https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99

References:
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.76
https://bugzilla.redhat.com/show_bug.cgi?id=2085304
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25762
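The double-release failure mode described in this report, as an added illustration that is not Tomcat's code and does not reproduce the upstream fix: a generic object pool in Python whose close/error path returns a buffer to the pool a second time, beside a guarded variant whose release() only accepts objects that are currently checked out. The class and function names (NaivePool, GuardedPool, simulate_close_race) and the "userA"/"userB"/"userC" payloads are constructed for the example; the pool is grown on demand so exhaustion does not mask the bug.

```python
"""Generic model of the bug: a pooled object returned twice is then handed
to two different connections, so one connection can see the other's data.
Constructed example; not Tomcat code and not the upstream fix."""

from collections import deque
from typing import Deque, Tuple


class NaivePool:
    """Pool that trusts callers to release each object exactly once."""

    def __init__(self, size: int) -> None:
        self._free: Deque[bytearray] = deque(bytearray(16) for _ in range(size))

    def acquire(self) -> bytearray:
        # Grow on demand so an exhausted pool does not hide the bug.
        return self._free.popleft() if self._free else bytearray(16)

    def release(self, obj: bytearray) -> bool:
        # No check: a second release of the same object puts it in twice.
        self._free.append(obj)
        return True


class GuardedPool(NaivePool):
    """Same pool, but release() only accepts objects currently checked out,
    so a duplicate release from an error path is rejected instead of
    duplicating the object in the free list."""

    def __init__(self, size: int) -> None:
        super().__init__(size)
        self._out: set = set()  # ids of objects currently checked out

    def acquire(self) -> bytearray:
        obj = super().acquire()
        self._out.add(id(obj))   # object stays alive while checked out, so id is stable
        return obj

    def release(self, obj: bytearray) -> bool:
        if id(obj) not in self._out:
            return False         # already released (or foreign object): drop it
        self._out.remove(id(obj))
        self._free.append(obj)
        return True


def simulate_close_race(pool: NaivePool) -> Tuple[bytes, bytes]:
    """Model the sequence from the report:
    1. connection A acquires a buffer and sends a message;
    2. the connection closes concurrently; the send path and the close/error
       path each return the same buffer (double release);
    3. connections B and C each acquire a buffer and write their own data.
    Returns what B and C each read back from 'their' buffer."""
    buf_a = pool.acquire()
    buf_a[:5] = b"userA"
    pool.release(buf_a)          # send path returns the buffer
    pool.release(buf_a)          # close/error path returns it again

    buf_b = pool.acquire()
    buf_c = pool.acquire()
    buf_b[:5] = b"userB"
    buf_c[:5] = b"userC"
    return bytes(buf_b[:5]), bytes(buf_c[:5])


if __name__ == "__main__":
    # Naive pool of one buffer: B and C share it, B now sees C's data.
    print("naive  :", simulate_close_race(NaivePool(1)))
    # Guarded pool: second release is rejected, B and C get distinct buffers.
    print("guarded:", simulate_close_race(GuardedPool(1)))
```

With a single-buffer pool the naive variant hands the same bytearray to both B and C, so B's read returns C's payload, which is the "data being returned to the wrong user" outcome in the description; the guarded variant rejects the second release and gives C a fresh buffer.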
Comment 1 Thomas Leroy 2022-05-13 12:38:10 UTC
Not affected/already fixed:
SUSE:SLE-12-SP4:Update/tomcat
SUSE:SLE-15:Update/tomcat
SUSE:SLE-15-SP1:Update/tomcat
SUSE:SLE-15-SP2:Update/tomcat

I think SUSE:SLE-12-SP2:Update/tomcat and SUSE:SLE-11:Update/tomcat6 are affected, but I am not sure.