CVE-2022-29885 - Denial of Service (DoS)
Severity: High
2022-10-13
Abstract
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
The Oxygen products incorporate Apache Tomcat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Content Fusion v4.1.6 and older | High | Oxygen Content Fusion 5.0 build 2022052605 |
Oxygen XML Web Author v24.1 and older | High | Oxygen XML Web Author 25.0 build 2022100711 |