Apache Tomcat: Important: Request mix-up with h2c (CVE-2021-25122)
Description
When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another, meaning user A and user B could both see the results of user A's request.
Solution(s)
apache-tomcat-upgrade-0_0_2
apache-tomcat-upgrade-8_5_63
apache-tomcat-upgrade-9_0_43
References
https://attackerkb.com/topics/cve-2021-25122
CVE-2021-25122
http://tomcat.apache.org/security-10.html
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-9.html