BIT-tomcat-2021-43980
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2021-43980.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-tomcat-2021-43980
- Aliases
- Published
- 2024-03-06T11:09:43.693Z
- Modified
- 2025-11-06T13:25:46.476Z
- Summary
- Apache Tomcat: Information disclosure
- Details
-
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
- Database specific
{ "cpes": [ "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*" ], "severity": "Low" }- References
Affected packages
Bitnami / tomcat
Package
- Name
- tomcat
- Purl
- pkg:bitnami/tomcat
Severity
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator