tomcat-coyote is vulnerable to information disclosure. The vulnerability is caused due to a regression introduced by a refactoring to widen the use of bytebuffer. Due to the flaw, when running behind a reverse proxy, the information leaks between requests on the same connection. All HTTP connector variants are affected but HTTP/2 and AJP are not affected.