While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
2020-12-03T19:15:12.200
2024-11-21T05:08:17.910
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | tomcat | ≤ 8.5.59 | Yes |
| Application | apache | tomcat | ≤ 9.0.35 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.0 | Yes |
| Application | apache | tomcat | 9.0.35-3.39.1 | Yes |
| Application | apache | tomcat | 9.0.35-3.57.3 | Yes |
| Application | apache | tomcat | 9.0.36 | Yes |
| Application | apache | tomcat | 9.0.37 | Yes |
| Application | apache | tomcat | 9.0.38 | Yes |
| Application | apache | tomcat | 9.0.39 | Yes |
| Application | apache | tomcat | 10.0.0 | Yes |
| Application | apache | tomcat | 10.0.0 | Yes |
| Application | apache | tomcat | 10.0.0 | Yes |
| Application | apache | tomcat | 10.0.0 | Yes |
| Application | apache | tomcat | 10.0.0 | Yes |
| Application | apache | tomcat | 10.0.0 | Yes |
| Application | apache | tomcat | 10.0.0 | Yes |
| Application | apache | tomcat | 10.0.0 | Yes |
| Application | apache | tomcat | 10.0.0 | Yes |
| Application | netapp | element_plug-in | - | Yes |
| Application | netapp | oncommand_system_manager | ≤ 3.1.3 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Application | oracle | blockchain_platform | < 21.1.2 | Yes |
| Application | oracle | communications_cloud_native_core_binding_support_function | 1.10.0 | Yes |
| Application | oracle | communications_cloud_native_core_policy | 1.14.0 | Yes |
| Application | oracle | communications_instant_messaging_server | 10.0.1.5.0 | Yes |
| Application | oracle | instantis_enterprisetrack | 17.1 | Yes |
| Application | oracle | instantis_enterprisetrack | 17.2 | Yes |
| Application | oracle | instantis_enterprisetrack | 17.3 | Yes |
| Application | oracle | mysql_enterprise_monitor | < 8.0.23 | Yes |
| Application | oracle | sd-wan_edge | 9.0 | Yes |
| Application | oracle | workload_manager | 18c | Yes |
| Application | oracle | workload_manager | 19c | Yes |