CVE-2021-43980

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-43980
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43980.json
Aliases
Related
Published
2022-09-28T14:15:09Z
Modified
2023-12-06T01:01:40.834376Z
Details

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Last affected
8778a44d6323c1066237043a89ab2f36696916b1
Last affected
e706972942e2c342e4a37baf5e2596f11e8a0e94
Last affected
2a10c8d9110d7b1c7f526f3352648c6b19ba2c52
Last affected
f2ab9ac8bc3f40ee9b2cb50b030c99df927f0429
Last affected
0e59fedb28df646930c5aff945159b64d7a52260
Last affected
0f3f1e439a040068b741d77777766722e4420ad6
Last affected
cd53876fefaa370c31466b0f615e9ad026541a27
Last affected
02d546ba3c553c74ff1a99ecc166a6ff9c501ba8
Last affected
51d1031c36c0f2b3ee1e0d14b56228a559144153
Last affected
dc3639dd7123301ced18dbf4ddf2dca93704870d
Last affected
049799677ba307378a256621bb1a7b03f597571c
Last affected
d08498a3cefa7206bad791acf019455794f865ea
Introduced
e37b977db6f47e4380ad67114a49e8568951c953
Last affected
3931695e564dd4dd1dbf029026e900b74992408c
Introduced
16bf392c67833ad549733b58c350ff92b5ee782a
Last affected
235730aed454e8d3619109f2c563587ff722e69d
Introduced
4c8b650437e2464c1c31c6598a263b3805b7a81f
Last affected
70f59e8328621e58b9493c119f05a2e57f597a1c