BIT-tomcat-2020-17527

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2020-17527.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-tomcat-2020-17527

Aliases

Published

2024-03-06T11:11:37.082Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.5.1

Fixed

8.5.59

Introduced

9.0.1

Fixed

9.0.35

Type: SEMVER
Events: Introduced

9.0.0-milestone10

Last affected

9.0.0-milestone10

Introduced

9.0.0-milestone11

Last affected

9.0.0-milestone11

Introduced

9.0.0-milestone12

Last affected

9.0.0-milestone12

Introduced

9.0.0-milestone13

Last affected

9.0.0-milestone13

Introduced

9.0.0-milestone14

Last affected

9.0.0-milestone14

Introduced

9.0.0-milestone15

Last affected

9.0.0-milestone15

Introduced

9.0.0-milestone16

Last affected

9.0.0-milestone16

Introduced

9.0.0-milestone17

Last affected

9.0.0-milestone17

Introduced

9.0.0-milestone18

Last affected

9.0.0-milestone18

Introduced

9.0.0-milestone19

Last affected

9.0.0-milestone19

Introduced

9.0.0-milestone20

Last affected

9.0.0-milestone20

Introduced

9.0.0-milestone21

Last affected

9.0.0-milestone21

Introduced

9.0.0-milestone22

Last affected

9.0.0-milestone22

Introduced

9.0.0-milestone23

Last affected

9.0.0-milestone23

Introduced

9.0.0-milestone24

Last affected

9.0.0-milestone24

Introduced

9.0.0-milestone25

Last affected

9.0.0-milestone25

Introduced

9.0.0-milestone26

Last affected

9.0.0-milestone26

Introduced

9.0.0-milestone27

Last affected

9.0.0-milestone27

Introduced

9.0.0-milestone5

Last affected

9.0.0-milestone5

Introduced

9.0.0-milestone6

Last affected

9.0.0-milestone6

Introduced

9.0.0-milestone7

Last affected

9.0.0-milestone7

Introduced

9.0.0-milestone8

Last affected

9.0.0-milestone8

Introduced

9.0.0-milestone9

Last affected

9.0.0-milestone9

Introduced

9.0.35-3.39.1

Last affected

9.0.35-3.39.1

Introduced

9.0.35-3.57.3

Last affected

9.0.35-3.57.3

Introduced

9.0.36

Last affected

9.0.36

Introduced

9.0.37

Last affected

9.0.37

Introduced

9.0.38

Last affected

9.0.38

Introduced

9.0.39

Last affected

9.0.39

Introduced

10.0.0-milestone1

Last affected

10.0.0-milestone1

Introduced

10.0.0-milestone2

Last affected

10.0.0-milestone2

Introduced

10.0.0-milestone3

Last affected

10.0.0-milestone3

Introduced

10.0.0-milestone4

Last affected

10.0.0-milestone4

Introduced

10.0.0-milestone5

Last affected

10.0.0-milestone5

Introduced

10.0.0-milestone6

Last affected

10.0.0-milestone6

Introduced

10.0.0-milestone7

Last affected

10.0.0-milestone7

Introduced

10.0.0-milestone8

Last affected

10.0.0-milestone8

Introduced

10.0.0-milestone9

Last affected

10.0.0-milestone9