[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-42252 as minor issue for buster with the reasoning that the...

[Ola Lundqvist (@opal)]

Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa9f9510 by Ola Lundqvist at 2022-11-01T23:57:27+01:00
Marked CVE-2022-42252 as minor issue for buster with the reasoning that the issue only occur when the system is explicitly configured to ignore invalid headers.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7568,10 +7568,13 @@ CVE-2022-42253
 	RESERVED
 CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.52, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10. ...)
 	- tomcat9 9.0.68-1
+	[buster] - tomcat9 <no-dsa> (Minor issue, occurs when system is explicitly configured in an insecure way)
 	- tomcat8 <removed>
 	NOTE: https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
 	NOTE: https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77 (9.0.68)
 	NOTE: https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a (8.5.83)
+	NOTE: One could consider this security issue as expected behavior because the problem described is that
+	NOTE: a specific invalid header is accepted when tomcat is configured to accept invalid headers.
 CVE-2022-3406
 	RESERVED
 CVE-2022-3405



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa9f9510d9542281b029063aa4b952b3e6a05d63

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa9f9510d9542281b029063aa4b952b3e6a05d63
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221101/58e2a437/attachment.htm>