Description
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
Remediation
References
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
Related Vulnerabilities
CVE-2023-41037 Vulnerability in npm package openpgp
CVE-2017-5637 Vulnerability in maven package org.apache.zookeeper:zookeeper
CVE-2011-3190 Vulnerability in maven package tomcat:tomcat-coyote
CVE-2019-14838 Vulnerability in maven package org.wildfly.core:wildfly-host-controller
CVE-2018-1000665 Vulnerability in maven package org.apache.geronimo.plugins:dojo