On 24/05/2022 02:56, 오현택 wrote:
> Hello.
>
> I am asking about the CVE-2022-25762 vulnerability.
> In the described part, it seems that the vulnerability is determined
> depending on whether or not WebSocket is used.
>
> Even if you are using an affected version of Tomcat, if you do not use
> WebSockets, we ask if you are not a target of the vulnerability.

As long as no web application deployed to an Apache Tomcat instance uses WebSockets then that Tomcat instance will not be affected by CVE-2022-25762.

If any web application deployed to an Apache Tomcat instance uses WebSockets then all web applications deployed to that Tomcat instance will be exposed to CVE-2022-25762.

> ■ using tomcat version
> - tomcat 8.5.31

That is quite old. I assume that you have confirmed that you aren't impacted by any of the other security issues announced since then.

Mark
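
One way to check the condition described in the reply above, as an added example that is not part of the original thread or of Tomcat itself: scan every web application under an appBase for compiled classes that reference the WebSocket API. The function names and the default `webapps` path are assumptions, and the byte match is a heuristic that errs toward flagging (a bundled library that references the API is reported even if the application never calls it); applications deployed from outside the appBase are not covered.

```python
"""Heuristic: list compiled classes under a Tomcat appBase that reference the WebSocket API."""
import io
import sys
import zipfile
from pathlib import Path

# javax.* is the API namespace on Tomcat 8.5/9, jakarta.* on Tomcat 10+.
MARKERS = (b"javax/websocket/", b"jakarta/websocket/")
# Classes that *are* the API or Tomcat's implementation always match; skip them.
OWN_PACKAGES = ("javax/websocket/", "jakarta/websocket/", "org/apache/tomcat/websocket/")


def references_websocket(name, data):
    """True if a .class file's bytes mention the WebSocket API packages."""
    inner = name.split("WEB-INF/classes/", 1)[-1]
    if not inner.endswith(".class") or inner.startswith(OWN_PACKAGES):
        return False
    return any(marker in data for marker in MARKERS)


def scan_archive(data, label):
    """Scan a WAR/JAR held in memory, recursing into nested archives."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{label} [unreadable archive, check manually]"]
    hits = []
    with archive:
        for info in archive.infolist():
            entry = f"{label}!{info.filename}"
            if info.filename.endswith((".jar", ".war")):
                hits += scan_archive(archive.read(info), entry)
            elif references_websocket(info.filename, archive.read(info)):
                hits.append(entry)
    return hits


def scan_webapps(appbase):
    """Return every class or archive entry under appbase that references WebSockets."""
    hits = []
    for path in sorted(Path(appbase).rglob("*")):
        rel = path.relative_to(appbase).as_posix()
        if path.is_file() and path.suffix in (".war", ".jar"):
            hits += scan_archive(path.read_bytes(), rel)
        elif path.is_file() and path.suffix == ".class" and references_websocket(rel, path.read_bytes()):
            hits.append(rel)
    return hits


if __name__ == "__main__":
    print("\n".join(scan_webapps(sys.argv[1] if len(sys.argv) > 1 else "webapps")))
```

An empty result across every appBase of the instance is what the "no web application uses WebSockets" case looks like; any hit means the instance should be treated as affected until that entry has been reviewed.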
