Thursday, March 4, 2021

Apache Tomcat: Important: Request mix-up with h2c (CVE-2021-25122)

Description
When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another, meaning user A and user B could both see the results of user A's request.

Solution(s)
  • apache-tomcat-upgrade-0_0_2
  • apache-tomcat-upgrade-8_5_63
  • apache-tomcat-upgrade-9_0_43


References
  • https://attackerkb.com/topics/cve-2021-25122
  • CVE-2021-25122
  • http://tomcat.apache.org/security-10.html
  • http://tomcat.apache.org/security-8.html
  • http://tomcat.apache.org/security-9.html





    Copyright © 2020 Cyber Details - Vulnerability Database™
