[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-29885":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":108,"duplicate_of":9,"upstream":111,"downstream":112,"duplicates":125,"related":126,"reserved_at":9,"published_at":128,"modified_at":129,"state":130,"summary":131,"references_raw":139,"kevs":202,"epss":203,"epss_history":206,"metrics":430,"affected":442},"CVE-2022-29885","The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.",null,[11,18],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],{"_key":19,"id":19,"name":20,"description":21,"type":22,"status":23,"abstraction":24,"likelihood_of_exploit":25,"capec":26},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[27,31,89],{"id":28,"name":29,"techniques":30},"CAPEC-147","XML Ping of the Death",[],{"id":32,"name":33,"techniques":34},"CAPEC-227","Sustained Client Engagement",[35],{"id":36,"name":37,"tactics":38,"countermeasures":42},"T1499","Endpoint Denial of Service",[39],{"id":40,"name":41},"TA0105","Impact",[43,48,52,56,60,64,68,72,76,80,85],{"id":44,"name":45,"tactic":46},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":47},"Detect",{"id":49,"name":50,"tactic":51},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":47},{"id":53,"name":54,"tactic":55},"D3-CSPP","Client-server Payload Profiling",{"name":47},{"id":57,"name":58,"tactic":59},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":47},{"id":61,"name":62,"tactic":63},"D3-NTSA","Network Traffic Signature Analysis",{"name":47},{"id":65,"name":66,"tactic":67},"D3-APCA","Application Protocol Command Analysis",{"name":47},{"id":69,"name":70,"tactic":71},"D3-NTCD","Network Traffic Community Deviation",{"name":47},{"id":73,"name":74,"tactic":75},"D3-RTSD","Remote Terminal Session Detection",{"name":47},{"id":77,"name":78,"tactic":79},"D3-ISVA","Inbound Session Volume Analysis",{"name":47},{"id":81,"name":82,"tactic":83},"D3-NTF","Network Traffic Filtering",{"name":84},"Isolate",{"id":86,"name":87,"tactic":88},"D3-ITF","Inbound Traffic Filtering",{"name":84},{"id":90,"name":91,"techniques":92},"CAPEC-492","Regular Expression Exponential Blowup",[],[94],{"_key":95,"name":96,"source":97,"url":98,"maturity":99,"reliability_score":100,"verified":101,"type":102,"platforms":103,"requires_auth":9,"exploitdb":105,"metasploit":9},"51262","Apache Tomcat 10.1 - Denial Of Service","exploit-database","https://www.exploit-db.com/exploits/51262","poc",0.5,false,"dos",[104],"multiple",{"verified":101,"type":102,"platform":104,"file":106,"codes":107},"exploits/multiple/dos/51262.py",[7],[109,110],"GHSA-r84p-88g2-2vx2","BIT-tomcat-2022-29885",[],[113,115,117,119,121,123],{"_key":114},"DLA-3160-1",{"_key":116},"DSA-5265-1",{"_key":118},"MGASA-2023-0138",{"_key":120},"DEBIAN-CVE-2022-29885",{"_key":122},"USN-6943-1",{"_key":124},"UBUNTU-CVE-2022-29885",[],[127],{"_key":118},"2022-05-12T00:00:00.000Z","2024-08-03T06:33:42.950Z","Modified",{"cisa_kev":101,"cisa_ransomware":101,"cisa_vendor":9,"epss_severity":132,"epss_score":133,"severity":134,"severity_score":135,"severity_version":136,"severity_source":137,"severity_vector":138,"severity_status":130},"critical",0.55532,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[140,150,156,160,164,168,172,177,181,185,189,193,198],{"url":141,"sources":142,"tags":145},"https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv",[143,137,144],"cve.org","osv_maven",[146,147,148,149],"Mailing List","Mitigation","Vendor Advisory","WEB",{"url":151,"sources":152,"tags":153},"https://www.oracle.com/security-alerts/cpujul2022.html",[143,137,144],[154,155,149],"Patch","Third Party Advisory",{"url":157,"sources":158,"tags":159},"https://security.netapp.com/advisory/ntap-20220629-0002/",[143,137],[155],{"url":161,"sources":162,"tags":163},"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html",[143,137,144],[146,155,149],{"url":165,"sources":166,"tags":167},"https://www.debian.org/security/2022/dsa-5265",[143,137,144],[148,155,149],{"url":169,"sources":170,"tags":171},"http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html",[143,137],[],{"url":173,"sources":174,"tags":175},"https://nvd.nist.gov/vuln/detail/CVE-2022-29885",[144],[176],"Advisory",{"url":178,"sources":179,"tags":180},"https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d",[144],[149],{"url":182,"sources":183,"tags":184},"https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91",[144],[149],{"url":186,"sources":187,"tags":188},"https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890",[144],[149],{"url":190,"sources":191,"tags":192},"https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48",[144],[149],{"url":194,"sources":195,"tags":196},"https://github.com/apache/tomcat",[144],[197],"PACKAGE",{"url":199,"sources":200,"tags":201},"https://security.netapp.com/advisory/ntap-20220629-0002",[144],[149],[],{"date":204,"score":133,"percentile":205},"2026-06-04",0.98116,[207,211,213,215,217,219,221,223,225,228,231,233,235,238,240,244,247,249,252,255,257,259,262,264,266,268,270,272,276,279,281,283,285,287,290,292,294,296,299,302,305,307,309,311,314,317,320,322,324,327,329,331,333,335,338,341,343,345,347,350,353,355,358,360,363,366,369,372,375,377,379,381,384,386,388,390,392,395,398,401,404,406,409,412,415,417,420,423,425,427],{"date":208,"score":209,"percentile":210},"2025-11-04",0.60112,0.9817,{"date":212,"score":209,"percentile":210},"2025-11-05",{"date":214,"score":209,"percentile":210},"2025-11-06",{"date":216,"score":209,"percentile":210},"2025-11-07",{"date":218,"score":209,"percentile":210},"2025-11-08",{"date":220,"score":209,"percentile":210},"2025-11-09",{"date":222,"score":209,"percentile":210},"2025-11-10",{"date":224,"score":209,"percentile":210},"2025-11-11",{"date":226,"score":209,"percentile":227},"2025-11-12",0.98172,{"date":229,"score":209,"percentile":230},"2025-11-13",0.98173,{"date":232,"score":209,"percentile":230},"2025-11-14",{"date":234,"score":209,"percentile":210},"2025-11-15",{"date":236,"score":209,"percentile":237},"2025-11-16",0.98171,{"date":239,"score":209,"percentile":237},"2025-11-17",{"date":241,"score":242,"percentile":243},"2025-11-18",0.81886,0.99278,{"date":245,"score":242,"percentile":246},"2025-11-19",0.99279,{"date":248,"score":242,"percentile":243},"2025-11-20",{"date":250,"score":209,"percentile":251},"2025-11-21",0.98168,{"date":253,"score":209,"percentile":254},"2025-11-22",0.98166,{"date":256,"score":209,"percentile":254},"2025-11-23",{"date":258,"score":209,"percentile":254},"2025-11-24",{"date":260,"score":209,"percentile":261},"2025-11-25",0.98167,{"date":263,"score":209,"percentile":254},"2025-11-26",{"date":265,"score":209,"percentile":261},"2025-11-27",{"date":267,"score":209,"percentile":261},"2025-11-28",{"date":269,"score":209,"percentile":251},"2025-11-29",{"date":271,"score":209,"percentile":251},"2025-11-30",{"date":273,"score":274,"percentile":275},"2025-12-01",0.46344,0.97528,{"date":277,"score":274,"percentile":278},"2025-12-02",0.97527,{"date":280,"score":274,"percentile":275},"2025-12-03",{"date":282,"score":209,"percentile":261},"2025-12-04",{"date":284,"score":209,"percentile":261},"2025-12-05",{"date":286,"score":209,"percentile":251},"2025-12-06",{"date":288,"score":209,"percentile":289},"2025-12-07",0.98169,{"date":291,"score":209,"percentile":210},"2025-12-08",{"date":293,"score":209,"percentile":289},"2025-12-09",{"date":295,"score":209,"percentile":227},"2025-12-10",{"date":297,"score":209,"percentile":298},"2025-12-11",0.98176,{"date":300,"score":209,"percentile":301},"2025-12-12",0.98178,{"date":303,"score":209,"percentile":304},"2025-12-13",0.98174,{"date":306,"score":209,"percentile":304},"2025-12-14",{"date":308,"score":209,"percentile":304},"2025-12-15",{"date":310,"score":209,"percentile":301},"2025-12-16",{"date":312,"score":209,"percentile":313},"2025-12-17",0.9818,{"date":315,"score":209,"percentile":316},"2025-12-18",0.98179,{"date":318,"score":209,"percentile":319},"2025-12-19",0.98181,{"date":321,"score":209,"percentile":319},"2025-12-20",{"date":323,"score":209,"percentile":313},"2025-12-21",{"date":325,"score":209,"percentile":326},"2025-12-22",0.98175,{"date":328,"score":209,"percentile":326},"2025-12-23",{"date":330,"score":209,"percentile":298},"2025-12-24",{"date":332,"score":209,"percentile":326},"2025-12-25",{"date":334,"score":209,"percentile":304},"2025-12-26",{"date":336,"score":209,"percentile":337},"2025-12-27",0.98194,{"date":339,"score":209,"percentile":340},"2025-12-28",0.98177,{"date":342,"score":209,"percentile":301},"2025-12-29",{"date":344,"score":209,"percentile":301},"2025-12-30",{"date":346,"score":209,"percentile":319},"2025-12-31",{"date":348,"score":274,"percentile":349},"2026-01-01",0.97556,{"date":351,"score":274,"percentile":352},"2026-01-02",0.97557,{"date":354,"score":274,"percentile":352},"2026-01-03",{"date":356,"score":209,"percentile":357},"2026-01-04",0.98189,{"date":359,"score":209,"percentile":357},"2026-01-05",{"date":361,"score":209,"percentile":362},"2026-01-06",0.9819,{"date":364,"score":209,"percentile":365},"2026-01-07",0.98192,{"date":367,"score":209,"percentile":368},"2026-01-08",0.98193,{"date":370,"score":209,"percentile":371},"2026-01-09",0.98195,{"date":373,"score":209,"percentile":374},"2026-01-10",0.98197,{"date":376,"score":209,"percentile":371},"2026-01-11",{"date":378,"score":209,"percentile":337},"2026-01-12",{"date":380,"score":209,"percentile":337},"2026-01-13",{"date":382,"score":209,"percentile":383},"2026-01-14",0.98196,{"date":385,"score":209,"percentile":383},"2026-01-15",{"date":387,"score":209,"percentile":374},"2026-01-16",{"date":389,"score":209,"percentile":374},"2026-01-17",{"date":391,"score":209,"percentile":374},"2026-01-18",{"date":393,"score":209,"percentile":394},"2026-01-19",0.98198,{"date":396,"score":209,"percentile":397},"2026-01-20",0.982,{"date":399,"score":209,"percentile":400},"2026-01-21",0.98201,{"date":402,"score":209,"percentile":403},"2026-01-22",0.98203,{"date":405,"score":209,"percentile":403},"2026-01-23",{"date":407,"score":209,"percentile":408},"2026-01-24",0.98205,{"date":410,"score":209,"percentile":411},"2026-01-25",0.98206,{"date":413,"score":209,"percentile":414},"2026-01-26",0.98208,{"date":416,"score":209,"percentile":414},"2026-01-27",{"date":418,"score":209,"percentile":419},"2026-01-28",0.9821,{"date":421,"score":209,"percentile":422},"2026-01-29",0.98209,{"date":424,"score":209,"percentile":419},"2026-01-30",{"date":426,"score":209,"percentile":422},"2026-01-31",{"date":428,"score":274,"percentile":429},"2026-02-01",0.97577,[431,440],{"source":137,"cvss_v2_0":432,"cvss_v3_0":9,"cvss_v3_1":437,"cvss_v4_0":9},{"baseScore":433,"baseSeverity":9,"vectorString":434,"impactScore":435,"exploitabilityScore":436},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":135,"baseSeverity":438,"vectorString":138,"impactScore":439,"exploitabilityScore":436},"HIGH",6,{"source":144,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":441,"cvss_v4_0":9},{"baseScore":135,"baseSeverity":9,"vectorString":138,"impactScore":439,"exploitabilityScore":436},[443,458,503,513,536],{"ecosystem":9,"name":444,"vendor":445,"product":446,"cpe_part":447,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":448},"Apache Tomcat","apache software foundation","apache tomcat","a",[449,452,454,456],{"version":450,"is_range":101,"range_type":143,"version_start":450,"version_start_type":451,"version_end":450,"version_end_type":451,"fixed_in":9},"Apache Tomcat 10.1 10.1.0-M1 to 10.1.0-M14","including",{"version":453,"is_range":101,"range_type":143,"version_start":453,"version_start_type":451,"version_end":453,"version_end_type":451,"fixed_in":9},"Apache Tomcat 10 10.0.0-M1 to 10.0.20",{"version":455,"is_range":101,"range_type":143,"version_start":455,"version_start_type":451,"version_end":455,"version_end_type":451,"fixed_in":9},"Apache Tomcat 9 9.0.13 to 9.0.62",{"version":457,"is_range":101,"range_type":143,"version_start":457,"version_start_type":451,"version_end":457,"version_end_type":451,"fixed_in":9},"Apache Tomcat 8.5 8.5.38 to 8.5.78",{"ecosystem":9,"name":459,"vendor":9,"product":459,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"Tomcat",[461,467,471,475,477,479,481,483,485,487,489,491,493,495,497,499,501],{"version":462,"is_range":463,"range_type":464,"version_start":465,"version_start_type":451,"version_end":466,"version_end_type":451,"fixed_in":9},"gte8.5.38_lte8.5.78",true,"cpe","8.5.38","8.5.78",{"version":468,"is_range":463,"range_type":464,"version_start":469,"version_start_type":451,"version_end":470,"version_end_type":451,"fixed_in":9},"gte9.0.13_lte9.0.62","9.0.13","9.0.62",{"version":472,"is_range":463,"range_type":464,"version_start":473,"version_start_type":451,"version_end":474,"version_end_type":451,"fixed_in":9},"gte10.0.0_lte10.0.20","10.0.0","10.0.20",{"version":476,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone1",{"version":478,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone10",{"version":480,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone11",{"version":482,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone12",{"version":484,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone13",{"version":486,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone14",{"version":488,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone2",{"version":490,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone3",{"version":492,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone4",{"version":494,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone5",{"version":496,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone6",{"version":498,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone7",{"version":500,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone8",{"version":502,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone9",{"ecosystem":9,"name":504,"vendor":505,"product":506,"cpe_part":507,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":508},"debian linux","debian","debian_linux","o",[509,511],{"version":510,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"version":512,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":514,"name":515,"vendor":516,"product":517,"cpe_part":9,"purl_type":518,"purl_namespace":516,"purl_name":517,"source":9,"versions":519},"Maven","org.apache.tomcat:tomcat","org.apache.tomcat","tomcat","maven",[520,526,530,533],{"version":521,"is_range":463,"range_type":522,"version_start":523,"version_start_type":451,"version_end":524,"version_end_type":525,"fixed_in":9},"gte10_1_0_M1_lt10_1_0_M15","ecosystem","10.1.0-M1","10.1.0-M15","excluding",{"version":527,"is_range":463,"range_type":522,"version_start":528,"version_start_type":451,"version_end":529,"version_end_type":525,"fixed_in":9},"gte10_0_0_M1_lt10_0_21","10.0.0-M1","10.0.21",{"version":531,"is_range":463,"range_type":522,"version_start":469,"version_start_type":451,"version_end":532,"version_end_type":525,"fixed_in":9},"gte9_0_13_lt9_0_63","9.0.63",{"version":534,"is_range":463,"range_type":522,"version_start":465,"version_start_type":451,"version_end":535,"version_end_type":525,"fixed_in":9},"gte8_5_38_lt8_5_79","8.5.79",{"ecosystem":9,"name":537,"vendor":538,"product":539,"cpe_part":447,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":540},"hospitality cruise shipboard property management system","oracle","hospitality_cruise_shipboard_property_management_system",[541],{"version":542,"is_range":101,"range_type":464,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"20.2.1"]