
CVE-2022-34305:
Cross-site Scripting in Apache Tomcat

CVSS Score: 6.1

Basic Information

EPSS Score: -
Published: 6/24/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.tomcat:tomcat | maven | >= 10.1.0-M1, <= 10.1.0-M16 | 10.1.0-M17 |
| org.apache.tomcat:tomcat | maven | >= 10.0.0-M1, < 10.0.22 | 10.0.22 |
| org.apache.tomcat:tomcat | maven | >= 9.0.30, < 9.0.65 | 9.0.65 |
| org.apache.tomcat:tomcat | maven | >= 8.5.50, < 8.5.82 | 8.5.82 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from unfiltered output of session attributes in Tomcat's Form authentication example JSP. The patches add util.HTMLFilter.filter() wrappers around these outputs. In vulnerable versions, the JSP's generated servlet _jspService method would contain direct write operations for:

1. Session attribute names (the name variable)
2. Session attribute values (session.getAttribute(name))

These appear in the profiler as the JSP's service method handling requests to /examples/jsp/security/protected/index.jsp. The exact function is the auto-generated _jspService method in the JSP's compiled servlet class, which maps to the original vulnerable JSP file location.
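The unfiltered and the filtered output paths side by side, as an added example in plain Java that is not code from this page or from Tomcat's examples webapp: filter() below is a stand-in modelled on util.HTMLFilter.filter(), the two render methods mimic the shape of the generated _jspService writes, and the attribute map is constructed sample data.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SessionAttributeRendering {

    // Stand-in for Tomcat's util.HTMLFilter.filter(): escapes the four
    // characters that let attribute text leave its HTML text/attribute context.
    static String filter(String s) {
        if (s == null) return null;
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Pre-patch shape: attribute names and values are written into the page
    // verbatim, so any markup stored in the session is rendered as markup.
    static String renderUnfiltered(Map<String, String> attrs) {
        StringBuilder out = new StringBuilder("<table>");
        for (Map.Entry<String, String> e : attrs.entrySet()) {
            out.append("<tr><td>").append(e.getKey())
               .append("</td><td>").append(e.getValue()).append("</td></tr>");
        }
        return out.append("</table>").toString();
    }

    // Patched shape: every name and value passes through filter() first.
    static String renderFiltered(Map<String, String> attrs) {
        StringBuilder out = new StringBuilder("<table>");
        for (Map.Entry<String, String> e : attrs.entrySet()) {
            out.append("<tr><td>").append(filter(e.getKey()))
               .append("</td><td>").append(filter(e.getValue())).append("</td></tr>");
        }
        return out.append("</table>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample session attributes (not from the page): the second
        // value contains markup, which only the filtered rendering neutralises.
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("color", "blue");
        attrs.put("note", "<b>bold &amp; \"quoted\"</b>");
        System.out.println("unfiltered: " + renderUnfiltered(attrs));
        System.out.println("filtered:   " + renderFiltered(attrs));
    }
}
```

Run with `javac SessionAttributeRendering.java && java SessionAttributeRendering`; in the filtered line the note value appears as `&lt;b&gt;bold &amp;amp; &quot;quoted&quot;&lt;/b&gt;`, i.e. as text rather than as elements.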


WAF Protection Rules

WAF Rule

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
