Apache Tomcat-Coyote is vulnerable to information disclosure. Due to the simplified implementation of blocking reads and writes, a remote unauthenticated attacker is able to cause client connections to share an Http11Processor
instance, so that responses, or partial responses, are received by a malicious client, disclosing sensitive information.
www.openwall.com/lists/oss-security/2022/09/28/1
github.com/advisories/GHSA-jx7c-7mj5-9438
github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1
github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13
github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb
github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc
lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
lists.debian.org/debian-lts-announce/2022/10/msg00029.html
tomcat.apache.org/security-10.html
www.debian.org/security/2022/dsa-5265