BIT-tomcat-2021-43980
- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2021-43980.json
- Aliases
- Published
- 2024-03-06T11:09:43.693Z
- Modified
- 2024-03-06T11:25:28.861Z
- Details
-
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
- References
Affected packages
Bitnami / tomcat
Package
- Name
- tomcat
Affected ranges
- Type
- SEMVER
- Events
-
Introduced8.5.0Fixed8.5.77Introduced9.0.0Fixed9.0.60Introduced10.0.0Fixed10.0.18
- Type
- SEMVER
- Events
-
Introduced10.1.0-milestone1Last affected10.1.0-milestone1Introduced10.1.0-milestone10Last affected10.1.0-milestone10Introduced10.1.0-milestone11Last affected10.1.0-milestone11Introduced10.1.0-milestone12Last affected10.1.0-milestone12Introduced10.1.0-milestone2Last affected10.1.0-milestone2Introduced10.1.0-milestone3Last affected10.1.0-milestone3Introduced10.1.0-milestone4Last affected10.1.0-milestone4Introduced10.1.0-milestone5Last affected10.1.0-milestone5Introduced10.1.0-milestone6Last affected10.1.0-milestone6Introduced10.1.0-milestone7Last affected10.1.0-milestone7Introduced10.1.0-milestone8Last affected10.1.0-milestone8Introduced10.1.0-milestone9Last affected10.1.0-milestone9