BIT-tomcat-2021-25122
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2021-25122.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-tomcat-2021-25122
- Aliases
- Published
- 2024-03-06T11:10:22.561Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
- References
-
- http://www.openwall.com/lists/oss-security/2021/03/01/1
- https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html
- https://security.gentoo.org/glsa/202208-34
- https://security.netapp.com/advisory/ntap-20210409-0002/
- https://www.debian.org/security/2021/dsa-4891
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Affected packages
Bitnami / tomcat
Package
- Name
- tomcat
- Purl
- pkg:bitnami/tomcat
Severity
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced8.5.0Fixed8.5.61Introduced9.0.0Fixed9.0.41
- Type
- SEMVER
- Events
-
Introduced9.0.0-milestone1Last affected9.0.0-milestone1Introduced9.0.0-milestone10Last affected9.0.0-milestone10Introduced9.0.0-milestone11Last affected9.0.0-milestone11Introduced9.0.0-milestone12Last affected9.0.0-milestone12Introduced9.0.0-milestone13Last affected9.0.0-milestone13Introduced9.0.0-milestone14Last affected9.0.0-milestone14Introduced9.0.0-milestone15Last affected9.0.0-milestone15Introduced9.0.0-milestone16Last affected9.0.0-milestone16Introduced9.0.0-milestone17Last affected9.0.0-milestone17Introduced9.0.0-milestone18Last affected9.0.0-milestone18Introduced9.0.0-milestone19Last affected9.0.0-milestone19Introduced9.0.0-milestone2Last affected9.0.0-milestone2Introduced9.0.0-milestone20Last affected9.0.0-milestone20Introduced9.0.0-milestone21Last affected9.0.0-milestone21Introduced9.0.0-milestone22Last affected9.0.0-milestone22Introduced9.0.0-milestone23Last affected9.0.0-milestone23Introduced9.0.0-milestone24Last affected9.0.0-milestone24Introduced9.0.0-milestone25Last affected9.0.0-milestone25Introduced9.0.0-milestone26Last affected9.0.0-milestone26Introduced9.0.0-milestone27Last affected9.0.0-milestone27Introduced9.0.0-milestone3Last affected9.0.0-milestone3Introduced9.0.0-milestone4Last affected9.0.0-milestone4Introduced9.0.0-milestone5Last affected9.0.0-milestone5Introduced10.0.0Last affected10.0.0Introduced10.0.0-milestone1Last affected10.0.0-milestone1Introduced10.0.0-milestone10Last affected10.0.0-milestone10Introduced10.0.0-milestone2Last affected10.0.0-milestone2Introduced10.0.0-milestone3Last affected10.0.0-milestone3Introduced10.0.0-milestone4Last affected10.0.0-milestone4Introduced10.0.0-milestone5Last affected10.0.0-milestone5Introduced10.0.0-milestone6Last affected10.0.0-milestone6Introduced10.0.0-milestone7Last affected10.0.0-milestone7Introduced10.0.0-milestone8Last affected10.0.0-milestone8Introduced10.0.0-milestone9Last affected10.0.0-milestone9