CVE-2022-29885

HIGH

Apache Tomcat 8.5.38-8.5.78 and 10.1.0-M1-10.1.0-M14 - Denial of Service via EncryptInterceptor

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-29885. PoCs published by Cristian Giustini, quynhlab, iveresk.

AI-analyzed exploit summary This exploit targets CVE-2022-29885, a DoS vulnerability in Apache Tomcat 10.1 and earlier. It floods the Tomcat cluster service port (4000) with malformed packets containing 'FLT2002' followed by a large buffer of 'A' characters, causing a denial of service.

Description

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

Exploits (3)

exploitdb WORKING POC
by Cristian Giustini · pythondosmultiple
https://www.exploit-db.com/exploits/51262

This exploit targets CVE-2022-29885, a DoS vulnerability in Apache Tomcat 10.1 and earlier. It floods the Tomcat cluster service port (4000) with malformed packets containing 'FLT2002' followed by a large buffer of 'A' characters, causing a denial of service.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apache Tomcat <= 10.1
No auth needed
Prerequisites: Network access to Tomcat cluster service port (4000) · Python 3 with pwntools==4.8.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 5 stars
by quynhlab · poc
https://github.com/quynhlab/CVE-2022-29885

This repository contains a Go-based exploit for CVE-2022-29885, a DoS vulnerability in Apache Tomcat's EncryptInterceptor. The exploit sends a specially crafted TCP packet to trigger a denial of service in the target's NioReceiver.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apache Tomcat (any version with Cluster Nio Receiver enabled)
No auth needed
Prerequisites: Tomcat cluster function enabled · NioReceiver configured for communication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by iveresk · poc
https://github.com/iveresk/CVE-2022-29885

This repository contains a Go-based exploit for CVE-2022-29885, a Denial of Service (DoS) vulnerability in Apache Tomcat's EncryptInterceptor when using NioReceiver for cluster communication. The exploit sends a specially crafted TCP packet to trigger the DoS condition.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apache Tomcat (any version with cluster function enabled and NioReceiver)
No auth needed
Prerequisites: Tomcat cluster function enabled · NioReceiver used for communication · Target machine must start the Cluster Nio Receiver
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 7.5
EPSS 0.5553
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (6)
apache/tomcat 10.1.0 milestone1 (14 CPE variants)
apache/tomcat 8.5.38 - 8.5.78
debian/debian_linux 10.0
debian/debian_linux 11.0
oracle/hospitality_cruise_shipboard_property_management_system 20.2.1
org.apache.tomcat/tomcat 10.1.0-M1 - 10.1.0-M15Maven
Published May 12, 2022
Tracked Since Feb 18, 2026