Updated: 2024-11-22 05:03:40.784684
Description:
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another, meaning user A and user B could both see the results of user A's request.
Links: NIST | CIRCL | RHEL | Ubuntu
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 5 |
CVSS Version 3.x | HIGH | 7.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
Ubuntu 16.04 ELS | tomcat7 | 7.0.68-1 | 7.5 | HIGH | Not Vulnerable | | 2024-08-22 17:29:33 | |
Ubuntu 16.04 ELS | tomcat8 | 8.0.32-1 | 7.5 | HIGH | Not Vulnerable | | 2024-08-22 17:29:32 | |
Ubuntu 18.04 ELS | tomcat8 | 8.5.39-1 | 7.5 | HIGH | Released | CLSA-2023:1687469807 | 2023-06-22 21:16:28 | |
Ubuntu 18.04 ELS | tomcat9 | 9.0.16-3 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:09:42 | |