CVE - CVE-2022-25762

CVE-ID
CVE-2022-25762	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20220629-0003/ URL:https://security.netapp.com/advisory/ntap-20220629-0003/ MISC:https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c URL:https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c MISC:https://www.oracle.com/security-alerts/cpujul2022.html URL:https://www.oracle.com/security-alerts/cpujul2022.html
Assigning CNA
Apache Software Foundation
Date Record Created
20220222	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20220222)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)