30 matches found
K000149857: Apache Tomcat vulnerability CVE-2024-52317
Security Advisory Description Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through...
CVE-2024-52317
A flaw was found in Apache Tomcat HTTP/2 handling. This vulnerability allows a request or response mix-up between users via incorrect recycling of request and response objects...
Apache Tomcat 9.0.0-M1 < 9.0.96 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...
Apache Tomcat 10.1.0-M1 < 10.1.31 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...
Apache Tomcat 11.0.0-M1 < 11.0.0 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...
DEBIAN-CVE-2024-52317
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...
Fixed in Apache Tomcat 10.1.31
Important: Request and/or response mix-up CVE-2024-52317 Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 146f94f8. This issue was identified by the Tomcat Security Team on 1 October 2024...
Fixed in Apache Tomcat 11.0.0
Important: Request and/or response mix-up CVE-2024-52317 Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 9e840cca. This issue was identified by the Tomcat Security Team on 1 October 2024...
Fixed in Apache Tomcat 9.0.96
Important: Request and/or response mix-up CVE-2024-52317 Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 47307ee2. This issue was identified by the Tomcat Security Team on 1 October 2024...
Apache Tomcat 9.0.0.M1 < 9.0.21 Request Mix-Up
The version of Apache Tomcat installed on the remote host is 8.5.0 to 8.5.75 or 9.0.0.M1 to 9.0.20. It is, therefore, affected by a request mix-up vulnerability. If a web application sends a WebSocket message concurrently with the WebSocket connection closing, it is possible that the application...
Apache Tomcat Request Mix-up Vulnerability (May 2022) - Windows
Apache Tomcat is prone to a request mix-up vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Apache Tomcat 8.5.x < 8.5.76 Request Mix-Up
The version of Apache Tomcat installed on the remote host is 8.5.0 to 8.5.75 or 9.0.0.M1 to 9.0.20. It is, therefore, affected by a request mix-up vulnerability. If a web application sends a WebSocket message concurrently with the WebSocket connection closing, it is possible that the application...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.5.0 Security release
Updated Red Hat JBoss Web Server 5.5.0 packages are now available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
tomcat: Request mix-up with h2c
A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. The highest threat from this...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.5.0 security release
Red Hat JBoss Web Server 5.5.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
SUSE: Security Advisory (SUSE-SU-2020:3068-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:3069-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for tomcat (openSUSE-SU-2021:0496-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2021:1009-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system bsc1180947. - CVE-2021-25122: Apache Tomcat h2c request mix-up bsc1182912 - CVE-2021-25329: Complete fix for CVE-2020-9484 bsc1182909...
Information Disclosure
tomcat-coyote is vulnerable to information leakage. When responding to new h2c connection requests, a request mix-up occurs with h2c as the request headers and a limited amount of request body is duplicated from one request to another, resulting in the request being seen by another user...