CVE-2021-25122

Updated: 2024-11-22 05:03:40.784684

Description:

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another, meaning user A and user B could both see the results of user A's request.



Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | tomcat7 | 7.0.68-1 | 7.5 | HIGH | Not Vulnerable | | 2024-08-22 17:29:33 | |
| Ubuntu 16.04 ELS | tomcat8 | 8.0.32-1 | 7.5 | HIGH | Not Vulnerable | | 2024-08-22 17:29:32 | |
| Ubuntu 18.04 ELS | tomcat8 | 8.5.39-1 | 7.5 | HIGH | Released | CLSA-2023:1687469807 | 2023-06-22 21:16:28 | |
| Ubuntu 18.04 ELS | tomcat9 | 9.0.16-3 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:09:42 | |