Bug 261365 - www/tomcat{85,9,10,-devel}: Update to 8.5.75, 9.0.58, 10.0.16, 10.1.0-M10
Summary: www/tomcat{85,9,10,-devel}: Update to 8.5.75, 9.0.58, 10.0.16, 10.1.0-M10
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Tobias C. Berner
URL: https://tomcat.apache.org
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-20 18:40 UTC by Vladimir Druzenko
Modified: 2022-01-26 12:38 UTC

See Also:
vvd: maintainer-feedback+
vvd: merge-quarterly?


Attachments
update to 8.5.75 (860 bytes, patch)
2022-01-20 18:40 UTC, Vladimir Druzenko
vvd: maintainer-approval+
update to 9.0.58 (851 bytes, patch)
2022-01-20 18:41 UTC, Vladimir Druzenko
vvd: maintainer-approval+
update to 10.0.16 (867 bytes, patch)
2022-01-20 18:42 UTC, Vladimir Druzenko
vvd: maintainer-approval+
update to 10.1.0-M10 (1.27 KB, patch)
2022-01-20 18:43 UTC, Vladimir Druzenko
vvd: maintainer-approval+

Description Vladimir Druzenko freebsd_committer freebsd_triage 2022-01-20 18:40:38 UTC
Created attachment 231188
update to 8.5.75

Tested on 12.3-p1 amd64: make check-plist/install/run.

https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.75_(schultz)
Comment 1 Vladimir Druzenko freebsd_committer freebsd_triage 2022-01-20 18:41:42 UTC
Created attachment 231189
update to 9.0.58

Tested on 12.3-p1 amd64: make check-plist/install/run.

https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.58_(remm)
Comment 2 Vladimir Druzenko freebsd_committer freebsd_triage 2022-01-20 18:42:47 UTC
Created attachment 231190
update to 10.0.16

Tested on 12.3-p1 amd64: make check-plist/install/run.

https://tomcat.apache.org/tomcat-10.0-doc/changelog.html#Tomcat_10.0.16_(markt)
Comment 3 Vladimir Druzenko freebsd_committer freebsd_triage 2022-01-20 18:43:46 UTC
Created attachment 231191
update to 10.1.0-M10

Tested on 12.3-p1 amd64: make check-plist/install/run.

https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.0-M10_(markt)
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-01-21 08:49:33 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8078d4be2b5358e81cdcdef4d30d30965f395460

commit 8078d4be2b5358e81cdcdef4d30d30965f395460
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2022-01-21 08:20:06 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-01-21 08:48:12 +0000

    www/tomcat9: update to 9.0.58

    Changelog:
            https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.58_(remm)

    PR:     261365

 www/tomcat9/Makefile | 2 +-
 www/tomcat9/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-01-21 08:49:34 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1ffe8132fcec85c5db101e199cb751be4cd78756

commit 1ffe8132fcec85c5db101e199cb751be4cd78756
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2022-01-21 08:19:24 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-01-21 08:48:02 +0000

    www/tomcat10: update to 10.0.16

    Changelog:
            https://tomcat.apache.org/tomcat-10.0-doc/changelog.html#Tomcat_10.0.16_(markt)

    PR:     261365

 www/tomcat10/Makefile | 2 +-
 www/tomcat10/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-01-21 08:49:35 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c290b77e8a6a30db866261507543be1e853e93bb

commit c290b77e8a6a30db866261507543be1e853e93bb
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2022-01-21 08:20:34 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-01-21 08:48:23 +0000

    www/tomcat85: update to 8.5.75

    Changelog:
            https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.75_(schultz)

    PR:     261365

 www/tomcat85/Makefile | 2 +-
 www/tomcat85/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2022-01-21 08:49:36 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5585ede1dee3ba8bfdb316615f333f4f205c303c

commit 5585ede1dee3ba8bfdb316615f333f4f205c303c
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2022-01-21 08:18:32 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-01-21 08:47:42 +0000

    www/tomcat-devel: update to 10.1.0-M10

    Changelog:
            https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.0-M10_(markt)

    PR:     261365

 www/tomcat-devel/Makefile  | 2 +-
 www/tomcat-devel/distinfo  | 6 +++---
 www/tomcat-devel/pkg-plist | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Comment 8 Vladimir Druzenko freebsd_committer freebsd_triage 2022-01-26 12:38:04 UTC
CVE-2022-23181 Apache Tomcat Local Privilege Escalation

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M8
Apache Tomcat 10.0.0-M5 to 10.0.14
Apache Tomcat 9.0.35 to 9.0.56
Apache Tomcat 8.5.55 to 8.5.73

Description:
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Mitigation:
Users of the affected versions should apply one of the following mitigations:
- Upgrade to Apache Tomcat 10.1.0-M10 or later
- Upgrade to Apache Tomcat 10.0.16 or later
- Upgrade to Apache Tomcat 9.0.58 or later
- Upgrade to Apache Tomcat 8.5.75 or later

Note: This issue was fixed in Apache Tomcat 10.1.0-M9, 10.0.15, 9.0.57 and 8.5.74 but the release vote for those release candidates did not pass. Therefore, although users must download 10.1.0-M10, 10.0.16, 9.0.58 or 8.5.75 to obtain a version that includes a fix for this issue, versions 10.1.0-M9, 10.0.15, 9.0.57 and 8.5.74 are not included in the list of affected versions.

History:
2022-01-26 Original advisory

Credit:
This issue was reported to the Apache Tomcat Security team by Trung Pham of Viettel Cyber Security.

References:
[1] https://tomcat.apache.org/security-10.html
[2] https://tomcat.apache.org/security-9.html
[3] https://tomcat.apache.org/security-8.html
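The advisory above makes two things matter for triage: whether the running Tomcat is inside one of the four affected version ranges, and whether the context actually configures the FileStore, since that is the only configuration in which the TOCTOU is exploitable. The following helper is an added example written for this page, not code from the bug report, the FreeBSD ports tree or the Apache Tomcat project. The version ranges and first-fixed releases are copied from the quoted advisory; the milestone ordering (M8 < M10 < GA) is handled explicitly because a plain string compare gets it wrong. The `<Manager className="org.apache.catalina.session.PersistentManager">` with a nested `<Store className="org.apache.catalina.session.FileStore">` is Tomcat's standard way of enabling file-backed session persistence; the two sample context.xml documents and the session directory path are constructed for illustration. The function names (`parse_version`, `is_affected`, `uses_filestore`, `triage`) are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Version ranges copied from the CVE-2022-23181 advisory quoted above:
# branch -> (first affected, last affected), and branch -> first fixed release.
AFFECTED = {
    (10, 1): ("10.1.0-M1", "10.1.0-M8"),
    (10, 0): ("10.0.0-M5", "10.0.14"),
    (9, 0): ("9.0.35", "9.0.56"),
    (8, 5): ("8.5.55", "8.5.73"),
}
FIXED = {(10, 1): "10.1.0-M10", (10, 0): "10.0.16", (9, 0): "9.0.58", (8, 5): "8.5.75"}

FILESTORE = "org.apache.catalina.session.FileStore"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text):
    """Turn '9.0.58' or '10.1.0-M10' into a tuple that sorts correctly.

    A milestone x.y.z-Mn becomes (x, y, z, 0, n) and a GA x.y.z becomes
    (x, y, z, 1, 0), so every milestone sorts before its GA release and
    M10 sorts after M8 (a plain string comparison would get both wrong).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version):
    """True if 'version' falls inside an affected range listed in the advisory.

    The advisory's own caveat applies: 10.1.0-M9, 10.0.15, 9.0.57 and 8.5.74
    were never released, so they sit outside the affected ranges and this
    function returns False for them even though nobody should be running them.
    """
    v = parse_version(version)
    branch = AFFECTED.get(v[:2])
    if branch is None:
        return False  # branch not covered by the advisory (e.g. 7.0)
    low, high = (parse_version(b) for b in branch)
    return low <= v <= high


def fixed_version_for(version):
    """First release on the same branch that carries the fix, or None."""
    return FIXED.get(parse_version(version)[:2])


def uses_filestore(context_xml):
    """True if the context configures the exploitability precondition:
    a session Manager whose <Store> is the FileStore."""
    root = ET.fromstring(context_xml)
    return any(store.get("className") == FILESTORE for store in root.iter("Store"))


def triage(version, context_xml):
    """Combine version and configuration into one verdict string."""
    if not is_affected(version):
        return "NOT_AFFECTED"
    if not uses_filestore(context_xml):
        return "AFFECTED_VERSION_BUT_NO_FILESTORE"
    return f"EXPLOITABLE_PRECONDITION_PRESENT: upgrade to {fixed_version_for(version)}"


# Constructed sample configurations (not taken from any real deployment).
# A stock conf/context.xml ships with no <Manager> element at all.
DEFAULT_CONTEXT_XML = """<Context>
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>
"""

# A context that persists sessions to disk through the FileStore.
FILESTORE_CONTEXT_XML = """<Context>
    <Manager className="org.apache.catalina.session.PersistentManager"
             maxIdleBackup="30">
        <Store className="org.apache.catalina.session.FileStore"
               directory="/var/db/tomcat9/sessions"/>
    </Manager>
</Context>
"""

if __name__ == "__main__":
    for ver in ("8.5.73", "9.0.56", "9.0.58", "10.0.0-M5", "10.1.0-M8", "10.1.0-M10"):
        print(f"{ver:>10}: {triage(ver, FILESTORE_CONTEXT_XML)}")
    print(f"{'9.0.56':>10} (default context.xml): {triage('9.0.56', DEFAULT_CONTEXT_XML)}")
```

On a FreeBSD host the version string to feed `triage` comes from the installed package (for example the output of `pkg query '%v' tomcat9`), and the second argument is the contents of the context.xml actually in use, which may be the global conf/context.xml or a per-application META-INF/context.xml; check both, since a FileStore configured in either one is enough to meet the advisory's precondition.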