A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (modproxy_ajp) would use the response headers from the previous request leading to an information leak.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34981.json",
"cna_assigner": "apache",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "11.0.0-M5"
},
{
"last_affected": "11.0.0-M5"
},
{
"introduced": "10.1.8"
},
{
"last_affected": "10.1.8"
},
{
"introduced": "9.0.74"
},
{
"last_affected": "9.0.74"
},
{
"introduced": "8.5.88"
},
{
"last_affected": "8.5.88"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"cpe": [
"cpe:2.3:a:apache:tomcat:8.5.88:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:9.0.74:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.5.88"
},
{
"last_affected": "8.5.88"
},
{
"introduced": "9.0.74"
},
{
"last_affected": "9.0.74"
},
{
"introduced": "10.1.8"
},
{
"last_affected": "10.1.8"
},
{
"introduced": "11.0.0-milestone5"
},
{
"last_affected": "11.0.0-milestone5"
}
],
"source": "CPE_STRING"
}