CVE-2021-43980 LOW

Published: 2022-09-28 | Last Modified: 2025-05-21 | Status: Modified

Description

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.

Additional Descriptions (1)

Una implementación simplificada de lecturas y escrituras de bloqueo introducida en Tomcat versión 10 y retrocedida a Tomcat versión 9.0.47 en adelante expuso un error de concurrencia de larga data (pero extremadamente difícil de activar) en Apache Tomcat versiones 10.1.0 a 10. 1.0-M12, 10.0.0-M1 a 10.0.18, 9.0.0-M1 a 9.0.60 y 8.5.0 a 8.5.77, que podía causar que las conexiones de los clientes compartieran una instancia de Http11Processor resultando en que las respuestas, o parte de ellas, fueran recibidas por el cliente equivocado

CVSS Metrics

Base Score: 3.7 (LOW)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector	NETWORK
Attack Complexity	HIGH
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	LOW
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.2

Impact Score: 1.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-362
[email protected]	Secondary	en CWE-362

Affected Products

Vendor	Product	Version	Update	Type
apache	tomcat	*	<built-in method update of dict object at 0x72a9ccf29640>	Application
apache	tomcat	*	<built-in method update of dict object at 0x72a9b0d23cc0>	Application
apache	tomcat	*	<built-in method update of dict object at 0x72a9b0d20ac0>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9ccf29c80>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9ccf2b200>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9b0e0c680>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9b0b11280>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9b0e0ea40>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9b0d23f00>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9ccf2a540>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9994aa680>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72aa27660700>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9ccf29580>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9ccf2af40>	Application
apache	tomcat	10.1.0	<built-in method update of dict object at 0x72a9994a9040>	Application
debian	debian_linux	10.0	<built-in method update of dict object at 0x72a9b0e0f200>	Operating System
debian	debian_linux	11.0	<built-in method update of dict object at 0x72a9994aaec0>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:apache:tomcat::::::::`
Yes	`cpe:2.3:a:apache:tomcat::::::::`
Yes	`cpe:2.3:a:apache:tomcat::::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone1::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone10::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone11::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone12::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone2::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone3::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone4::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone5::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone6::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone7::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone8::::::`
Yes	`cpe:2.3:a:apache:tomcat:10.1.0:milestone9::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:10.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:11.0:::::::*`

References

http://www.openwall.com/lists/oss-security/2022/09/28/1
Source: [email protected]

Mailing List Third Party Advisory
https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
Source: [email protected]

Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
Source: [email protected]

Mailing List Third Party Advisory
https://www.debian.org/security/2022/dsa-5265
Source: [email protected]

Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/09/28/1
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://www.debian.org/security/2022/dsa-5265
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory