You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected versions of this package are vulnerable to Uncaught Exception due to the custom Jakarta Authentication ServerAuthContext component which may throw an exception during the authentication process without setting an HTTP status to indicate failure. An attacker can gain unauthorized access by exploiting this unchecked error condition.
Note:
This is only exploitable if Tomcat is configured to use a custom Jakarta Authentication ServerAuthContext component that behaves in this way. According to the maintainers, no such cases are known.
Remediation
Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.96, 10.1.31, 11.0.0 or higher.
Overview
org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.
Affected versions of this package are vulnerable to Uncaught Exception due to the custom Jakarta Authentication
ServerAuthContextcomponent which may throw an exception during the authentication process without setting an HTTP status to indicate failure. An attacker can gain unauthorized access by exploiting this unchecked error condition.Note:
This is only exploitable if Tomcat is configured to use a custom Jakarta Authentication
ServerAuthContextcomponent that behaves in this way. According to the maintainers, no such cases are known.Remediation
Upgrade
org.apache.tomcat.embed:tomcat-embed-coreto version 9.0.96, 10.1.31, 11.0.0 or higher.References
The text was updated successfully, but these errors were encountered: