EncryptInterceptor does not provide complete protection on insecure networks
Description
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache Tomcat documentation for EncryptInterceptor incorrectly claimed it enables secure clustering over untrusted networks, but it lacks protection against DoS attacks.
Vulnerability
The documentation for the EncryptInterceptor in Apache Tomcat versions 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62, and 8.5.38 to 8.5.78 incorrectly stated that it enabled Tomcat clustering to run over an untrusted network [1]. While the interceptor provides confidentiality and integrity protection, it does not protect against all risks, particularly denial-of-service (DoS) attacks [1].
Exploitation
No direct exploitation of a software flaw is involved. The vulnerability is a documentation error that could lead administrators to believe clustering over an untrusted network is fully secured when it is not [1]. An attacker on the same network could potentially launch DoS attacks against the cluster, as the EncryptInterceptor does not mitigate such risks.
Impact
Misleading documentation may cause users to make incorrect security assumptions about their Tomcat cluster. This could result in exposure to DoS attacks when clustering is used over an untrusted network, potentially leading to service disruption [1][2].
Mitigation
Apache Tomcat has corrected the documentation in later releases [2][3][4]. Users should upgrade to a fixed version: 10.1.0-M15 or later, 10.0.21 or later, 9.0.63 or later, or 8.5.79 or later. Alternatively, use a private LAN, VPN, or IPSEC for cluster traffic, and do not rely solely on the EncryptInterceptor when operating over an untrusted network [1].
- NVD - CVE-2022-29885
- EncryptInterceptor only provides partial protection on untrusted network · apache/tomcat@eaafd28
- EncryptInterceptor only provides partial protection on untrusted network · apache/tomcat@0fa7721
- EncryptInterceptor only provides partial protection on untrusted network · apache/tomcat@b679bc6
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
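The Mitigation section above says not to rely on the EncryptInterceptor alone and to keep cluster traffic on a private LAN, VPN or IPSEC. The following Python audit is an added example, not Tomcat's code: it reads a server.xml, flags a Cluster whose Receiver binds to a non-private address, and notes whether an EncryptInterceptor is present. It assumes Tomcat's Tribes element and attribute names (Cluster, Channel, Receiver address, Interceptor className, with the Receiver address defaulting to "auto") and uses a constructed sample configuration.

```python
# Added audit example, not Tomcat code. Assumes Tomcat's Tribes server.xml layout:
# <Cluster> > <Channel> > <Receiver address=...> and <Interceptor className=...>;
# Receiver address defaults to "auto" (Tomcat picks an interface itself).
import ipaddress
import xml.etree.ElementTree as ET

ENCRYPT_INTERCEPTOR = "org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"

def audit_cluster(server_xml: str) -> list:
    """Return (code, detail) findings for every <Cluster> in a server.xml string."""
    findings = []
    for cluster in ET.fromstring(server_xml).iter("Cluster"):
        encrypted = any(i.get("className") == ENCRYPT_INTERCEPTOR for i in cluster.iter("Interceptor"))
        if not encrypted:
            findings.append(("NO_ENCRYPT", "no EncryptInterceptor: cluster traffic "
                             "has no confidentiality or integrity protection"))
        for receiver in cluster.iter("Receiver"):
            addr = receiver.get("address", "auto")
            if addr == "auto":
                findings.append(("AUTO_BIND", "Receiver address='auto': confirm the "
                                 "chosen interface is on a trusted network"))
                continue
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append(("UNRESOLVED_BIND", f"Receiver address {addr!r} is "
                                 "a hostname; verify its network manually"))
                continue
            if not ip.is_private:  # RFC 1918, loopback and link-local count as private here
                note = ("EncryptInterceptor gives confidentiality/integrity only, not "
                        "DoS protection" if encrypted else "traffic is unencrypted as well")
                findings.append(("PUBLIC_BIND", f"Receiver bound to non-private {ip}: {note}"))
    return findings

# Constructed sample: EncryptInterceptor present, but the Receiver binds to a public
# address, so cluster traffic would cross an untrusted network.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
   <Channel className="org.apache.catalina.tribes.group.GroupChannel">
    <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
              address="1.2.3.4" port="4000"/>
    <Interceptor className="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"/>
   </Channel>
  </Cluster>
 </Engine></Service></Server>"""

if __name__ == "__main__":
    for code, detail in audit_cluster(SAMPLE_SERVER_XML):
        print(f"{code}: {detail}")
```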
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.apache.tomcat:tomcat | Maven | >= 10.1.0-M1, < 10.1.0-M15 | 10.1.0-M15 |
| org.apache.tomcat:tomcat | Maven | >= 10.0.0-M1, < 10.0.21 | 10.0.21 |
| org.apache.tomcat:tomcat | Maven | >= 9.0.13, < 9.0.63 | 9.0.63 |
| org.apache.tomcat:tomcat | Maven | >= 8.5.38, < 8.5.79 | 8.5.79 |
Affected products
- osv-coords (no CPE), range: >= 8.5.38, < 8.5.79
- osv-coords (no CPE), range: >= 10.1.0-M1, < 10.1.0-M15
- Apache Software Foundation / Apache Tomcat (CVE v5 range): Apache Tomcat 10.1, 10.1.0-M1 to 10.1.0-M14
Patches
b679bc627f5a: EncryptInterceptor only provides partial protection on untrusted network
4 files changed · +21 −5
webapps/docs/changelog.xml+6 −0 modified@@ -183,6 +183,12 @@ recommendation for the use the <code>trimSpaces</code> option for Jasper in production environments. (markt) </fix> + <fix> + Update the documentation web application to state that the + <code>EncryptInterceptor</code> does not provide sufficient protection + to run Tomcat clustering over an untrusted network. This is + CVE-2022-29885. (markt) + </fix> </changelog> </subsection> <subsection name="Other">
webapps/docs/cluster-howto.xml+5 −1 modified@@ -127,9 +127,13 @@ Tomcat cluster. These include:</p> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> - <li>Encrypt cluster traffic using the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Cluster Basics">
webapps/docs/config/cluster.xml+5 −1 modified@@ -52,12 +52,16 @@ to run a cluster on a insecure, untrusted network.</p> <p>There are many options for providing a secure, trusted network for use by a Tomcat cluster. These include:</p> <ul> - <li><a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Engine vs Host placement"> <p>
webapps/docs/security-howto.xml+5 −3 modified@@ -469,10 +469,12 @@ trusted network is used for all of the cluster related network traffic. It is not safe to run a cluster on a insecure, untrusted network.</p> - <p>If you are operating on an untrusted network or would prefer to - exercise an over-abundance of caution, you can use the + <p>If you require confidentiality and/or integrity protection then you can + use the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> - to encrypt traffic between nodes.</p> + to encrypt traffic between nodes. This interceptor does not protect + against all the risks of running on an untrusted network, particularly + DoS attacks.</p> </subsection> </section>
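Review bot: the new paragraph in the cluster-howto.xml hunk drops the `config/` prefix from the link, `href="cluster-interceptor.html#...EncryptInterceptor_Attributes"`, while the `<li>` it replaces linked `config/cluster-interceptor.html#...` and the security-howto.xml hunk in this same commit keeps `config/cluster-interceptor.html`. cluster-howto.xml lives in webapps/docs/ and cluster-interceptor.html in webapps/docs/config/, so this relative link points at a page that does not exist; suggest restoring the `config/` prefix. The identical paragraph in webapps/docs/config/cluster.xml is correct as written, because that file sits in the config/ directory.

Review bot: while touching these sections, the unchanged context line "It is not safe to run a cluster on a insecure, untrusted network." in both the cluster.xml and security-howto.xml hunks could be corrected to "an insecure".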
eaafd28296c5: EncryptInterceptor only provides partial protection on untrusted network
4 files changed · +21 −5
webapps/docs/changelog.xml+6 −0 modified@@ -183,6 +183,12 @@ recommendation for the use the <code>trimSpaces</code> option for Jasper in production environments. (markt) </fix> + <fix> + Update the documentation web application to state that the + <code>EncryptInterceptor</code> does not provide sufficient protection + to run Tomcat clustering over an untrusted network. This is + CVE-2022-29885. (markt) + </fix> </changelog> </subsection> <subsection name="Other">
webapps/docs/cluster-howto.xml+5 −1 modified@@ -127,9 +127,13 @@ Tomcat cluster. These include:</p> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> - <li>Encrypt cluster traffic using the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Cluster Basics">
webapps/docs/config/cluster.xml+5 −1 modified@@ -52,12 +52,16 @@ to run a cluster on a insecure, untrusted network.</p> <p>There are many options for providing a secure, trusted network for use by a Tomcat cluster. These include:</p> <ul> - <li><a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Engine vs Host placement"> <p>
webapps/docs/security-howto.xml+5 −3 modified@@ -469,10 +469,12 @@ trusted network is used for all of the cluster related network traffic. It is not safe to run a cluster on a insecure, untrusted network.</p> - <p>If you are operating on an untrusted network or would prefer to - exercise an over-abundance of caution, you can use the + <p>If you require confidentiality and/or integrity protection then you can + use the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> - to encrypt traffic between nodes.</p> + to encrypt traffic between nodes. This interceptor does not protect + against all the risks of running on an untrusted network, particularly + DoS attacks.</p> </subsection> </section>
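Review bot: same issue as in b679bc627f5a: the cluster-howto.xml hunk in this backport links `cluster-interceptor.html#...` without the `config/` prefix used by the removed `<li>` and by the security-howto.xml hunk in the same commit; cluster-howto.xml is in webapps/docs/, so the prefix is required for the link to resolve.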
36826ea63845: EncryptInterceptor only provides partial protection on untrusted network
4 files changed · +21 −5
webapps/docs/changelog.xml+6 −0 modified@@ -191,6 +191,12 @@ recommendation for the use the <code>trimSpaces</code> option for Jasper in production environments. (markt) </fix> + <fix> + Update the documentation web application to state that the + <code>EncryptInterceptor</code> does not provide sufficient protection + to run Tomcat clustering over an untrusted network. This is + CVE-2022-29885. (markt) + </fix> </changelog> </subsection> <subsection name="Other">
webapps/docs/cluster-howto.xml+5 −1 modified@@ -127,9 +127,13 @@ Tomcat cluster. These include:</p> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> - <li>Encrypt cluster traffic using the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Cluster Basics">
webapps/docs/config/cluster.xml+5 −1 modified@@ -52,12 +52,16 @@ to run a cluster on a insecure, untrusted network.</p> <p>There are many options for providing a secure, trusted network for use by a Tomcat cluster. These include:</p> <ul> - <li><a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Engine vs Host placement"> <p>
webapps/docs/security-howto.xml+5 −3 modified@@ -477,10 +477,12 @@ trusted network is used for all of the cluster related network traffic. It is not safe to run a cluster on a insecure, untrusted network.</p> - <p>If you are operating on an untrusted network or would prefer to - exercise an over-abundance of caution, you can use the + <p>If you require confidentiality and/or integrity protection then you can + use the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> - to encrypt traffic between nodes.</p> + to encrypt traffic between nodes. This interceptor does not protect + against all the risks of running on an untrusted network, particularly + DoS attacks.</p> </subsection> </section>
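Review bot: same issue as in b679bc627f5a: the cluster-howto.xml hunk in this backport links `cluster-interceptor.html#...` without the `config/` prefix used by the removed `<li>` and by the security-howto.xml hunk in the same commit; cluster-howto.xml is in webapps/docs/, so the prefix is required for the link to resolve.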
0fa7721f11d5: EncryptInterceptor only provides partial protection on untrusted network
4 files changed · +21 −5
webapps/docs/changelog.xml+6 −0 modified@@ -203,6 +203,12 @@ recommendation for the use the <code>trimSpaces</code> option for Jasper in production environments. (markt) </fix> + <fix> + Update the documentation web application to state that the + <code>EncryptInterceptor</code> does not provide sufficient protection + to run Tomcat clustering over an untrusted network. This is + CVE-2022-29885. (markt) + </fix> </changelog> </subsection> <subsection name="Other">
webapps/docs/cluster-howto.xml+5 −1 modified@@ -127,9 +127,13 @@ Tomcat cluster. These include:</p> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> - <li>Encrypt cluster traffic using the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Cluster Basics">
webapps/docs/config/cluster.xml+5 −1 modified@@ -52,12 +52,16 @@ to run a cluster on a insecure, untrusted network.</p> <p>There are many options for providing a secure, trusted network for use by a Tomcat cluster. These include:</p> <ul> - <li><a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Engine vs Host placement"> <p>
webapps/docs/security-howto.xml+5 −3 modified@@ -477,10 +477,12 @@ trusted network is used for all of the cluster related network traffic. It is not safe to run a cluster on a insecure, untrusted network.</p> - <p>If you are operating on an untrusted network or would prefer to - exercise an over-abundance of caution, you can use the + <p>If you require confidentiality and/or integrity protection then you can + use the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> - to encrypt traffic between nodes.</p> + to encrypt traffic between nodes. This interceptor does not protect + against all the risks of running on an untrusted network, particularly + DoS attacks.</p> </subsection> </section>
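Review bot: same issue as in b679bc627f5a: the cluster-howto.xml hunk in this backport links `cluster-interceptor.html#...` without the `config/` prefix used by the removed `<li>` and by the security-howto.xml hunk in the same commit; cluster-howto.xml is in webapps/docs/, so the prefix is required for the link to resolve.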
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-r84p-88g2-2vx2 (GHSA: advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-29885 (GHSA: advisory)
- www.debian.org/security/2022/dsa-5265 (GHSA: vendor advisory, web)
- github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d (GHSA: web)
- github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91 (GHSA: web)
- github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890 (GHSA: web)
- github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48 (GHSA: web)
- lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv (GHSA: web)
- lists.debian.org/debian-lts-announce/2022/10/msg00029.html (GHSA: mailing list, web)
- security.netapp.com/advisory/ntap-20220629-0002 (GHSA: web)
- www.oracle.com/security-alerts/cpujul2022.html (GHSA: web)
- packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html (MITRE)
- security.netapp.com/advisory/ntap-20220629-0002/ (MITRE)
News mentions
No linked articles in our index yet.