Tomcat vulnerabilities CVE-2022-45143 and CVE-2022-42252 were disclosed by the software vendor. FlexDeploy uses Tomcat software as part of its environment. The details listed below show that neither of the vulnerabilities are affected in Tomcat shipped with FlexDeploy.
CVE-2022-42242 - Apache Tomcat request smuggling
This only applies if rejectIllegalHeader is set to false. FlexDeploy leaves this value at the default of true so this vulernability is not a risk in FlexDeploy implementations.
CVE-2022-54143 -
This only applies if the class JsonErrorReportValue is used. FlexDeploy code does not use this class anywhere its code and as a result FlexDeploy is not at risk from this vulnerability.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article