While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
{ "cpes": [ "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.35-3.39.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.35-3.57.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.39:*:*:*:*:*:*:*" ], "severity": "High" }