While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

Vulnerable Product |
---|
apache tomcat 9.0.0 |
apache tomcat 10.0.0 |
apache tomcat 9.0.36 |
apache tomcat 9.0.37 |
apache tomcat 9.0.38 |
apache tomcat 9.0.39 |
apache tomcat 9.0.35-3.39.1 |
apache tomcat 9.0.35-3.57.3 |
apache tomcat |
netapp oncommand system manager |
netapp element plug-in - |
debian debian linux 9.0 |
debian debian linux 10.0 |
oracle instantis enterprisetrack 17.1 |
oracle instantis enterprisetrack 17.2 |
oracle instantis enterprisetrack 17.3 |
oracle sd-wan edge 9.0 |
oracle workload manager 18c |
oracle workload manager 19c |
oracle mysql enterprise monitor |
oracle communications cloud native core binding support function 1.10.0 |
oracle communications cloud native core policy 1.14.0 |
oracle communications instant messaging server 10.0.1.5.0 |
oracle blockchain platform |