Thursday, March 4, 2021

Apache Tomcat: Important: Request mix-up with h2c (CVE-2021-25122)

When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another, meaning user A and user B could both see the results of user A's request.
  • apache-tomcat-upgrade-0_0_2
  • apache-tomcat-upgrade-8_5_63
  • apache-tomcat-upgrade-9_0_43
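
A defensive exposure check, added here as an example and not part of the original advisory: it parses a Tomcat `server.xml` and lists the HTTP connectors that have the HTTP/2 upgrade protocol enabled without TLS, which is where h2c connection requests are accepted. The sample configuration is constructed, and treating a connector with no `SSLEnabled="true"` as cleartext is an assumption based on Tomcat's default.

```python
import xml.etree.ElementTree as ET

# Class name Tomcat uses for the HTTP/2 <UpgradeProtocol> element.
H2_CLASS = "org.apache.coyote.http2.Http2Protocol"

# Constructed sample configuration (not taken from the advisory).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
    </Connector>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
    </Connector>
    <Connector port="8081" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>
"""


def find_h2c_connectors(server_xml):
    """Return connectors that offer HTTP/2 over cleartext (h2c upgrade)."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if protocol.upper().startswith("AJP"):
            continue  # h2c is negotiated by HTTP/1.1 upgrade, not over AJP
        has_h2 = any(
            up.get("className") == H2_CLASS
            for up in conn.findall("UpgradeProtocol")
        )
        # Assumption: SSLEnabled defaults to false when the attribute is absent.
        tls = conn.get("SSLEnabled", "false").strip().lower() == "true"
        if has_h2 and not tls:
            findings.append({"port": conn.get("port"), "protocol": protocol})
    return findings


if __name__ == "__main__":
    for hit in find_h2c_connectors(SAMPLE_SERVER_XML):
        print("h2c enabled on connector port %(port)s (%(protocol)s)" % hit)
```

A connector reported here only matters on a Tomcat release older than the upgrade targets listed above; on a patched release it is informational.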

References
  • CVE-2021-25122


    Copyright © 2020 Cyber Details - Vulnerability Database™
