Improper Encoding or Escaping of Output
CVE-2021-30640
Summary
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 7.0.x before 7.0.109, 8.x before 8.5.66, 9.0.x before 9.0.46, and before 10.0.6.
- HIGH
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-116 - Improper Encoding or Escaping of Output
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.