When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2021-03-01T12:00:20
Updated: 2024-08-03T19:56:10.384Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25122
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-01T12:15:13.793
Modified: 2023-11-07T03:31:23.940
Link: CVE-2021-25122
Redhat