Description
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2020-2755 Vulnerability (CVE-2020-2755)
WordPress Plugin DJ EmailPublish Cross-Site Scripting (1.7.2)
Squid Improper Input Validation Vulnerability (CVE-2020-8517)
Atlassian Jira CVE-2019-20413 Vulnerability (CVE-2019-20413)
WordPress Plugin Social Like Box and Page by WpDevArt Cross-Site Scripting (0.8.40)