Thursday, March 4, 2021

Apache Tomcat: Important: Request mix-up with h2c (CVE-2021-25122)

Apache vulnerabilities In: , 
Description
When responding to new h2c connection requests, Apache Tomcat could    duplicate request headers and a limited amount of request body from one    request to another meaning user A and user B could both see the results of    user A's request.
Solution(s)
  • apache-tomcat-upgrade-0_0_2
  • apache-tomcat-upgrade-8_5_63
  • apache-tomcat-upgrade-9_0_43


    • References
  • https://attackerkb.com/topics/cve-2021-25122
  • CVE - 2021-25122
  • http://tomcat.apache.org/security-10.html
  • http://tomcat.apache.org/security-8.html
  • http://tomcat.apache.org/security-9.html




    •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore