Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.
Vulnerabilidad de reutilización y reciclaje incorrecto de objetos en Apache Tomcat. El reciclaje incorrecto de la solicitud y la respuesta utilizadas por las solicitudes HTTP/2 podría provocar una confusión de solicitudes y/o respuestas entre usuarios. Este problema afecta a Apache Tomcat: desde 11.0.0-M23 hasta 11.0.0-M26, desde 10.1.27 hasta 10.1.30, desde 9.0.92 hasta 9.0.95. Se recomienda a los usuarios que actualicen a la versión 11.0.0, 10.1.31 o 9.0.96, que soluciona el problema.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Type: Secondary
Exploitability Score: 3.9
Impact Score: 2.5
| Source | Type | Description |
|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary |
en
CWE-326
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| apache | tomcat | * | <built-in method update of dict object at 0x75d8082a11c0> | Application |
| apache | tomcat | * | <built-in method update of dict object at 0x75d827ca3740> | Application |
| apache | tomcat | 11.0.0 | <built-in method update of dict object at 0x75d8082a3a80> | Application |
| apache | tomcat | 11.0.0 | <built-in method update of dict object at 0x75d827ca1780> | Application |
| apache | tomcat | 11.0.0 | <built-in method update of dict object at 0x75d827ca1700> | Application |
| apache | tomcat | 11.0.0 | <built-in method update of dict object at 0x75d827ca2b40> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:tomcat:11.0.0:milestone26:*:*:*:*:*:* |