We found results for “”
CVE-2023-34981
Good to know:
Date: June 21, 2023
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
Language: Java
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Insufficient Information
NVD-CWE-noinfoTop Fix
Upgrade Version
Upgrade to version org.apache.tomcat:tomcat-coyote:8.5.89,9.0.75,10.1.9,11.0.0-M6;org.apache.tomcat.embed:tomcat-embed-core:8.5.89,9.0.75,10.1.9,11.0.0-M6
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |