A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-06-21T10:26:16.916Z
Updated: 2024-08-02T16:17:04.269Z
Reserved: 2023-06-08T12:48:27.995Z
Link: CVE-2023-34981
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-06-21T11:15:09.410
Modified: 2023-07-21T19:20:13.337
Link: CVE-2023-34981
Redhat