Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High severity
GitHub Reviewed
Published
Feb 9, 2022
to the GitHub Advisory Database
•
Updated Mar 21, 2024
Package
Affected versions
>= 10.0.0-M1, < 10.0.0-M10
>= 9.0.0-M1, < 9.0.40
>= 8.5.0, < 8.5.60
Patched versions
10.0.0-M10
9.0.40
8.5.60
Description
Published by the National Vulnerability Database
Dec 3, 2020
Reviewed
Apr 12, 2021
Published to the GitHub Advisory Database
Feb 9, 2022
Last updated
Mar 21, 2024
Credits
-
sunSUNQ Analyst
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
References