3 matches found
Astra Linux – Vulnerability in Tomcat9
When responding to new H2C connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61 may duplicate request headers and a limited amount of request body from one request to another. This means that user A and user B may both see the results of user A’...
SUSE-SU-2024:0829-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2024-21733: Fixed leaking of unrelated request bodies in default error page bsc1219023, bsc1220503...
tomcat: Request mix-up with h2c
A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. The highest threat from this...