
11 matches found

OSV
added 2026/04/28 10:28 p.m., 6 views

GHSA-35HP-HQMV-8QG8 Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary: Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up and cache poisoning-like behavior for endpoints...

CVSS 6.5, AI score 5.8, EPSS 0.00251
Exploits 1, References 7
Github Security Blog
added 2026/04/28 10:28 p.m., 14 views

Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary: Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up and cache poisoning-like behavior for endpoints...

CVSS 6.5, AI score 5.3, EPSS 0.00251
Exploits 1, References 7, Affected Software 1
RedhatCVE
added 2024/11/22 4:51 p.m., 16 views

CVE-2024-52317

A flaw was found in Apache Tomcat HTTP/2 handling. This vulnerability allows a request or response mix-up between users via incorrect recycling of request and response objects...

CVSS 6.5, AI score 6.5, EPSS 0.02008
Exploits 1, References 4
Cvelist
added 2024/11/18 11:36 a.m., 40 views

CVE-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

EPSS 0.02008
Exploits 1, References 1
Apache Tomcat
added 2024/10/09 12:00 a.m., 37 views

Fixed in Apache Tomcat 10.1.31

Important: Request and/or response mix-up (CVE-2024-52317). Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 146f94f8. This issue was identified by the Tomcat Security Team on 1 October 2024...

CVSS 9.8, AI score 7.3, EPSS 0.06287
Exploits 2, Affected Software 1
Apache Tomcat
added 2024/10/09 12:00 a.m., 30 views

Fixed in Apache Tomcat 11.0.0

Important: Request and/or response mix-up (CVE-2024-52317). Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 9e840cca. This issue was identified by the Tomcat Security Team on 1 October 2024...

CVSS 9.8, AI score 7.3, EPSS 0.06287
Exploits 2, Affected Software 1
Apache Tomcat
added 2024/10/09 12:00 a.m., 48 views

Fixed in Apache Tomcat 9.0.96

Important: Request and/or response mix-up (CVE-2024-52317). Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 47307ee2. This issue was identified by the Tomcat Security Team on 1 October 2024...

CVSS 9.8, AI score 7.9, EPSS 0.06287
Exploits 2, Affected Software 1
OSV
added 2022/05/13 1:46 a.m., 2 views

GHSA-9HG2-395J-83RM Expected Behavior Violation in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 9.8, AI score 7.2, EPSS 0.07752
Exploits 0, References 29
UbuntuCve
added 2017/04/17 4:59 p.m., 29 views

CVE-2017-5651

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 9.8, AI score 7.2, EPSS 0.07752
Exploits 0, References 2
Debian CVE
added 2017/04/17 4:00 p.m., 29 views

CVE-2017-5651

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 9.8, AI score 9.4, EPSS 0.07752
Exploits 0
Veracode
added 2017/04/11 5:08 a.m., 28 views

Information Disclosure

tomcat-coyote is vulnerable to information disclosure. If the send file process completed quickly, it is possible for a processor to be added to the processor cache twice, resulting in the same process being reused for multiple requests. A malicious user could gain access to this processor to...

CVSS 9.8, AI score 8.3, EPSS 0.07752
Exploits 0, References 16, Affected Software 2