Description

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

Remediation

References

CVE-2021-25122

Related Vulnerabilities

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Cross-Site Scripting (2.9.1.1)

SharePoint CVE-2020-0852 Vulnerability (CVE-2020-0852)

WordPress Plugin Auto Amazon Links-Amazon Associates Affiliate Cross-Site Scripting (4.6.19)

WordPress Insecure Default Initialization of Resource Vulnerability (CVE-2017-5491)

WordPress Plugin File Manager Multiple Vulnerabilities (4.8)

Severity

High

Classification

CVE-2021-25122 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities