Skip to main content

Apache Releases Security Update for Apache Tomcat

Apache releases security update to fix a privilege escalation vulnerability in Apache Tomcat
 

Threat ID:
CC-4030
Threat Severity:
Information only
Published:
2 February 2022 2:47 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Apache releases security update to fix a privilege escalation vulnerability in Apache Tomcat
 

Threat details

Introduction

The Apache Software Foundation has released a security update to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to escalate privileges and take control of a system.

Remediation advice

Affected organisations are encouraged to review the relevant Apache Tomcat security advisory below and follow the appropriate remediation step to apply the necessary updates.

Remediation steps

Type Step
Guidance

Apache Tomcat 10.0.0-M5 to 10.0.14 should update to Apache Tomcat 10.0.16 or later


https://tomcat.apache.org/security-10.html
Guidance

Apache Tomcat 10.1.0-M1 to 10.1.0-M8 should update to Apache Tomcat 10.1.0-M10 or later


https://tomcat.apache.org/security-10.html
Guidance

Apache Tomcat 9.0.35 to 9.0.56 should update to Apache Tomcat 9.0.58 or later


https://tomcat.apache.org/security-9.html
Guidance

Apache Tomcat 8.5.55 to 8.5.73 should update to Apache Tomcat 8.5.75 or later


https://tomcat.apache.org/security-8.html

Last edited: 2 February 2022 3:51 pm