GoogleOSV:GHSA-MPPV-79CH-VW6QApache Tomcat vulnerable to information leak
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.6%
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS message would be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
References
bz.apache.org/bugzilla/show_bug.cgi?id=66512
bz.apache.org/bugzilla/show_bug.cgi?id=66591
github.com/apache/tomcat
github.com/apache/tomcat/commit/2214c8030522aa9b2a367dfa5d9acff1a03666ae
github.com/apache/tomcat/commit/2f0ca2378415f4cf0748f4bc8fa955f41f803fa5
github.com/apache/tomcat/commit/739c7381aed22b7636351caf885ddc519ab6b442
github.com/apache/tomcat/commit/f0742f47b98aca943097f7f88e0d1163f57527e3
lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
nvd.nist.gov/vuln/detail/CVE-2023-34981
security.netapp.com/advisory/ntap-20230714-0003
tomcat.apache.org/security-10.html
tomcat.apache.org/security-11.html
tomcat.apache.org/security-8.html
tomcat.apache.org/security-9.html
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.6%